Dutch DigiNotar Servers Were Fully Hacked

ChristW writes "The final report that was handed to the Dutch government today indicates that all 8 certificate servers of the Dutch company DigiNotar were fully hacked. (Report PDF in English.) Because the access log files were stored on the same servers, they cannot be used to find any evidence for or against intrusion. In fact, blatant falsification has been found in those log files. A series of so-far unused certificates has also been found. It is unknown if and where these certificates have been used."

Bloody n00bs...

[fuzzyfuzzyfungus]

You would think that a company playing at something mildly important(like, oh being a CA for the Dutch government...) could, at very least, do basic things like store logs on WORM tape... Yes, those are overpriced compared to the normal ones; but they aren't that expensive.

Re:Bloody n00bs...

WORMs cost money... so does all security... I'm sure the contract was awarded to the lowest bidder.

Re:Bloody n00bs...

[Opportunist]

*sigh* Most likely, yeah.

Security is the stepchild of IT. They don't produce. Ok, so does a lot of IT, but at least with the rest of IT, management can somehow hope that eventually they can fire a couple of people. With ITSEC, no such luck. They don't streamline production (worse, they often bog it down), they don't make people redundant, in fact, they make more people necessary. Plus, those pesky, nosey security geeks keep peeking into every computer and might find out that the boss is surfing on pages containing gay llama porn.

It's sad but true, if you see two people sitting on a huge table in the crowded cafeteria and nobody wants to join them, and they're not talking with each other either, you know where security and controlling are.

But unlike controlling, it's pretty hard to make your boss understand the dangers of a security breach in IT.