DigiNotar files for bankruptcy.

This should provide a wake-up call to the industry.


The major web browser publishers (Mozilla, Microsoft, Google, and Apple) have removed the DigiNotar root certificate from their Certificate Trust Lists, following the theft of 500 of DigiNotar’s certificates. As a result, DigiNotar, a Dutch company, has filed for bankruptcy. While sad, this is a good thing, because it stresses how important it is that Certificate Authorities remain secure.

Wired Magazine published a good article with details of this affair. According to the article, the username that was hacked was Production/Administrator, whose password was Pr0d@dm1n. This password is only a slight variation of the username, which is a definite no-no. Yes, the password contains upper-case, lower-case, numeric, and punctuation characters, but it could have been guessed, and it’s only 9 characters long. Authorities recommend 12 characters or more. (Read “Use Dropbox plus Keepass to store your passwords.”) I wrote an article about DigiNotar’s breach a couple of days ago.
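The point above, that a password can satisfy every character-class rule and still be a respelling of the account name, can be checked mechanically when passwords are set. The following is an added example, not code from Wired or DigiNotar; the substitution table, the function names and the 4-letter minimum are assumptions chosen for illustration.

```python
import re

# Common "leet" substitutions mapped back to letters (assumed table, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 12  # the minimum length the article cites


def normalize(text):
    """Lower-case, undo leet substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def is_subsequence(short, long):
    """True if the characters of `short` occur in `long` in the same order."""
    remaining = iter(long)
    return all(ch in remaining for ch in short)


def derived_from_username(username, password):
    """Heuristic: the password is an abbreviation or respelling of the account name."""
    pw, name = normalize(password), normalize(username)
    if len(pw) < 4 or not name:
        return False  # too little material to compare reliably
    # "prodadmin" is an in-order abbreviation of "productionadministrator"
    return pw in name or name in pw or is_subsequence(pw, name)


def character_classes(password):
    """Count of classes present: lower, upper, digit, punctuation."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(p, password)) for p in patterns)


def audit(username, password):
    """Return the class count plus findings a complexity-only rule would miss."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    if derived_from_username(username, password):
        findings.append("derived_from_username")
    return {"classes": character_classes(password), "findings": findings}


if __name__ == "__main__":
    # Credentials as reported in the article, then a constructed passphrase.
    print(audit("Production/Administrator", "Pr0d@dm1n"))
    print(audit("Production/Administrator", "violet-Kettle-92-harbor"))
```

The subsequence test is deliberately broad, so treat a hit as a reason to reject the password at enrollment rather than as proof of anything about an existing account.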

Tech Prognosis wrote a more detailed analysis of the DigiNotar breach, which highlighted DigiNotar’s poor IT practices.

For years, there were only a handful of Certificate Authorities, and there was little price competition between them. Now there are about 600 Certificate Authorities, and the competition is driving down the price of a certificate. I hope that the remaining Certificate Authorities take notice of what happened to DigiNotar and enforce strong internal security practices. We — and our bank balances — will be safer.

Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695