Slashdot Mirror


Dutch DigiNotar Servers Were Fully Hacked

ChristW writes "The final report that was handed to the Dutch government today indicates that all 8 certificate servers of the Dutch company DigiNotar were fully hacked. (Report PDF in English.) Because the access log files were stored on the same servers, they cannot be used to find any evidence for or against intrusion. In fact, blatant falsification has been found in those log files. A series of so-far unused certificates has also been found. It is unknown if and where these certificates have been used."

6 of 83 comments

  1. Who's to blame? (hint) by ntropia · Score: 2, Insightful

    You know, for a server, being violated is always a matter of probability, same story as with hardware failures ("when", not "if"). One of the variables in this equation is how "interesting" your server could be. And a server releasing certificates is quite "interesting", if you ask me. So if you keep the logs of such an important server on the machine itself, there isn't much to say: the administrators of such a server are incompetent.

  2. Bloody n00bs... by fuzzyfuzzyfungus · Score: 3, Insightful

    You would think that a company playing at something mildly important (like, oh, being a CA for the Dutch government...) could, at the very least, do basic things like store logs on WORM tape... Yes, those are overpriced compared to the normal ones; but they aren't that expensive.

    1. Re:Bloody n00bs... by Anonymous Coward · Score: 3, Insightful

      WORMs cost money... so does all security... I'm sure the contract was awarded to the lowest bidder.

    2. Re:Bloody n00bs... by Opportunist · Score: 3, Insightful

      *sigh* Most likely, yeah.

      Security is the stepchild of IT. They don't produce. Ok, so does a lot of IT, but at least with the rest of IT, management can somehow hope that eventually they can fire a couple of people. With ITSEC, no such luck. They don't streamline production (worse, they often bog it down), they don't make people redundant, in fact, they make more people necessary. Plus, those pesky, nosey security geeks keep peeking into every computer and might find out that the boss is surfing on pages containing gay llama porn.

      It's sad but true, if you see two people sitting on a huge table in the crowded cafeteria and nobody wants to join them, and they're not talking with each other either, you know where security and controlling are.

      But unlike controlling, it's pretty hard to make your boss understand the dangers of a security breach in IT.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

  3. Re:Codeweavers Crossover Direct Downloads 10/31/20 by Anonymous Coward · Score: 0, Insightful

    What about for Mac OS X which is the only non-Windows desktop OS that matters?

  4. Oh, really? Try this *NIX boy... apk by Anonymous Coward · Score: 0, Insightful

    What were ALL THE OTHER CA's HACKED RUNNING? Linux

    Proof?? Fine, easy, & here 'tis ("eat it" boy):

    (very, Very, VERY BAD for ecommerce, online shopping, banking, etc./et al)

    ---

    http://uptime.netcraft.com/up/graph?site=StartCom.com

    http://uptime.netcraft.com/up/graph?site=GlobalSign.com

    http://uptime.netcraft.com/up/graph?site=Comodo.com

    http://uptime.netcraft.com/up/graph?site=DigiCert.com

    http://uptime.netcraft.com/up/graph?site=www.gemnet.nl

    ---

    The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:

    http://itproafrica.com/technology/security/cas-hacked/

    &

    http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811

    ---

    * Thus, in case you didn't KNOW IT? Happened the SAME TIME as it did on that single Dutch Windows CA server & "4 out of 5 dentists CAN'T BE WRONG?"... Sure they can be, when 4/5 breaches OCCURRED ON LINUX SERVERS!

    APK

    P.S.=> How do your words taste, now that you have to "eat them", flavored with the "bitter taste of SELF-DEFEAT" as well as your FOOT IN YOUR MOUTH... Penguin-boy!

    ... apk