
Netherlands CAs are compromised, Malaysian reseller is affected

posted Nov 14, 2011, 7:36 AM by Softhinker Qin   [ updated Nov 14, 2011, 5:45 PM ]
KPN, the largest CA in Holland, stopped issuing SSL certificates after discovering a DDoS (Distributed Denial-of-Service) tool on one of its web servers, according to its statement on November 4th 2012.

Actually, since June, the only major CA that was compromised is another Dutch CA, DigiNotar, where more than 500 fraudulent certificates had been issued to high-profile sites, such as and the Website for the Central Intelligence Agency.

The KPN breach is a problem for many users as many of them moved to KPN after DigiNotar came clean about the certificates and all major Web browsers revoked the root certificate. DigiNotar filed for bankruptcy last month.

Entrust, a Malaysia-based DigiNotar reseller, had issued 22 certificates with weak 512-bit keys after the KPN announcement. Because the weak keys in the certificates could be exploited to let an attacker impersonate the legitimate owner and trick users into thinking a Website or piece of software was legitimate, Microsoft will update Internet Explorer to revoke trust in Digicert Malaysia, and Mozilla, Chrome, and Safari had done the same in their recent updates.

Source : More CAs Report Breaches, Suspend Issuing SSL Certificates




