Another Dutch CA Hacked

← Back to Stories (view on slashdot.org)

Posted by timothy on Thursday December 8, 2011 @02:13AM from the need-more-fingers-in-these-holes dept.

An anonymous reader writes "After the fiasco involving DigiNotar, another Dutch CA (Gemnet, a daughter of KPN-Telecom) has been hacked and databases were accessed, webwereld.nl reports (Dutch original). The hack was possible because the website was managed using PHP-MyAdmin, and this application allowed database access without a password. The site has been shut down and security checks were ordered."

4 of 152 comments (clear)

Min score:

Reason:

Sort:

jawdrop by v1 · 2011-12-08 02:20 · Score: 5, Interesting

website was managed using PHP-MyAdmin, and this application allowed database access without a password.
At what point does this become "criminal negligence"?
And you'd expect there would be some sort of periodic audit process in place for anyone that manages a root certificate? hippa-style something or other? Or will they just set up any idiots with a CA that have good credit?

--
I work for the Department of Redundancy Department.
1. Re:jawdrop by Afforess · 2011-12-08 02:56 · Score: 3, Interesting
  
  Actually, you could make the counter claim that the story title is bad.
  
  After all, it isn't stealing to pick money off the ground, it isn't hacking to visit public web data.
  
  --
  If our elected representatives no longer represent us, do we still live in a Democracy?
Re:Lets play 'Pass The Blame!....' by Gaygirlie · 2011-12-08 02:59 · Score: 4, Interesting

Atleast to my eye it looks like they're trying to lay blame on PHPMyAdmin. Perhaps it's just poor wording but still, that's how it does come out. And well, everyone knows that anything can be made insecure if they're given in incompetent-enough hands.
Ca subject name? by qha · 2011-12-08 03:30 · Score: 4, Interesting

So the first question I expected t.f.a. to answer:
What is the subject name of this Ca so I can remove it from my list of "trusted" Cas?