Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Subscribe











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Opinion

DigiNotar reports security incident

August 2011 by Marc Jacob

VASCO Data Security International, Inc. comments on DigiNotar’s reported security incident. DigiNotar is a wholly owned subsidiary of VASCO.

On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com.

Once it detected the intrusion, DigiNotar has acted in accordance with all relevant rules and procedures.

At that time, an external security audit concluded that all fraudulently issued certificates were revoked. Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. After being notified by Dutch government organization Govcert, DigiNotar took immediate action and revoked the fraudulent certificate.

The attack was targeted solely at DigiNotar’s Certificate Authority infrastructure for issuing SSL and EVSSL certificates. No other certificate types were issued or compromised. DigiNotar stresses the fact that the vast majority of its business, including his Dutch government business (PKIOverheid) was completely unaffected by the attack.

The company will take every possible precaution to secure its SSL and EVSSL certificate offering, including temporarily suspending the sale of its SSL and EVSSL certificate offerings. The company will only restart its SSL and EVSSL certificate activities after thorough additional security audits by third party organizations.

DigiNotar actively looks for quick and effective solutions for its existing (EV)SSL customers. The company expects to have a solution for its entire customer base before the end of this business week. DigiNotar expects that the cost of this action will be minimal.

The incident at DigiNotar has no consequences whatsoever for VASCO’s core authentication technology. The technological infrastructures of VASCO and DigiNotar are completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business.

VASCO expects the impact of the breach of DigiNotar’s SSL and EVSSL business to be minimal. Through the first six months of 2011, revenue from the SSL and EVSSL business was less than Euro 100,000.

VASCO does not expect that the DigiNotar security incident will have a significant impact on the company’s future revenue or business plans.


See previous articles

    

See next articles












Security Vulnerability

Toutes nos news en Francais

Alle unsere News auf deutsch

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts

 
News Files Cyber Security Security Vulnerability Malware Update Diary Guide & Podcast TRAINING Jobs CONTACTS Contact About Mentions légales identifier ADMIN

Global Security Mag Copyright 2011