Slashdot Mirror


Another Dutch CA Hacked

An anonymous reader writes "After the fiasco involving DigiNotar, another Dutch CA (Gemnet, a daughter of KPN-Telecom) has been hacked and databases were accessed, webwereld.nl reports (Dutch original). The hack was possible because the website was managed using phpMyAdmin, and this application allowed database access without a password. The site has been shut down and security checks were ordered."

2 of 152 comments

  1. Web Admin of the Year by Anonymous Coward · Score: 5, Insightful

    So a CA, holder of the keys for SSL certs, had an externally facing db admin module with no password... Just wow...

  2. jawdrop by v1 · Score: 5, Interesting

    "website was managed using phpMyAdmin, and this application allowed database access without a password."

    At what point does this become "criminal negligence"?

    And you'd expect there would be some sort of periodic audit process in place for anyone that manages a root certificate? HIPAA-style something or other? Or will they just set up any idiots with a CA that have good credit?

    --
    I work for the Department of Redundancy Department.