
Netherlands CAs are compromised, Malaysian reseller is affected

posted Nov 14, 2011, 7:36 AM by Softhinker Qin   [ updated Nov 14, 2011, 5:45 PM ]
 
KPN, the largest CA in the Netherlands, stopped issuing SSL certificates after discovering a DDoS (Distributed Denial-of-Service) tool on one of its web servers, according to its statement of November 4th 2012.

In fact, since June the only other major CA known to have been compromised is another Dutch CA, DigiNotar, where more than 500 fraudulent certificates were issued for high-profile sites such as google.com and the website of the Central Intelligence Agency.

The KPN breach is a problem for many users, as many of them moved to KPN after DigiNotar came clean about the certificates and all major web browsers revoked its root certificate. DigiNotar filed for bankruptcy last month.

Entrust, a Malaysia-based DigiNotar reseller, had issued 22 certificates with weak 512-bit keys after the KPN announcement. Since the weak keys in these certificates could be exploited to allow an attacker to impersonate the legitimate owner and trick users into thinking a website or piece of software was legitimate, Microsoft will update Internet Explorer to revoke trust in Digicert Malaysia, and Mozilla, Chrome and Safari have already done the same in their recent updates.

Source : More CAs Report Breaches, Suspend Issuing SSL Certificates

In a statement dated November 4, 2012, KPN, the largest certificate authority (CA) in the Netherlands, stopped issuing SSL certificates after a "Distributed Denial-of-Service (DDoS)" virus was found on one of its web servers.

In fact, since June this year another Dutch certificate authority, DigiNotar, was also attacked, and as a result more than 500 compromised certificates were issued for well-known websites such as Google and the CIA.

KPN's fall is a disaster for many users, because those users moved to KPN one after another once DigiNotar ran into trouble, and DigiNotar declared bankruptcy last month.

The affected party is Entrust, a Malaysian certificate authority that is also DigiNotar's local reseller. After KPN announced it had been attacked, Entrust had already issued 22 problematic certificates signed with weak 512-bit keys, so these certificates could be broken by attackers, who could then pose as a legitimate certificate issuer and install them on their own malicious websites or software to lure users into clicking or using them. Microsoft's IE browser has already revoked trust in certificates from Digicert Malaysia, and Mozilla, Chrome and Safari did the same in their recent browser updates.
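The risk described in the paragraph above (and in its English counterpart earlier in the post) comes down to one measurable property of a certificate: the RSA modulus is too short. The following script is an added example, not code from the original post or from any of the CAs or browsers named; it decodes the SubjectPublicKeyInfo of an X.509 certificate with the Python standard library only and flags any RSA key below an assumed 2048-bit policy threshold. The two keys it checks are constructed placeholders of the right bit length, not real certificate material, and all helper names are this example's own.

```python
# Added example (not from the original post): hand-decode the RSA
# SubjectPublicKeyInfo carried in an X.509 certificate and flag keys that
# are too short to trust. Standard library only; the DER encoder/decoder
# covers just the ASN.1 types an RSA SPKI needs. Sample keys are constructed
# placeholders, not real certificate material.

# rsaEncryption OID 1.2.840.113549.1.1.1, DER-encoded contents
RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")
MIN_RSA_BITS = 2048  # assumed policy threshold: 512- and 1024-bit keys are weak


def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_integer(value):
    # One extra byte keeps the sign bit clear for non-negative integers.
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return der_tlv(0x02, body)


def build_rsa_spki(modulus, exponent=65537):
    """Build a SubjectPublicKeyInfo for a (constructed) RSA modulus."""
    rsa_public_key = der_tlv(0x30, der_integer(modulus) + der_integer(exponent))
    algorithm = der_tlv(0x30, der_tlv(0x06, RSA_ENCRYPTION_OID) + der_tlv(0x05, b""))
    bit_string = der_tlv(0x03, b"\x00" + rsa_public_key)  # leading 0: no unused bits
    return der_tlv(0x30, algorithm + bit_string)


def der_read(buf, pos=0):
    """Return (tag, content, next_pos) for the TLV starting at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_expect(buf, pos, tag):
    got, content, nxt = der_read(buf, pos)
    if got != tag:
        raise ValueError(f"expected tag 0x{tag:02x}, got 0x{got:02x}")
    return content, nxt


def spki_from_certificate(cert_der):
    """Walk a DER certificate to its SubjectPublicKeyInfo field."""
    cert, _ = der_expect(cert_der, 0, 0x30)
    tbs, _ = der_expect(cert, 0, 0x30)
    pos = 0
    tag, _, nxt = der_read(tbs, 0)
    if tag == 0xA0:  # optional explicit [0] version
        pos = nxt
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = der_read(tbs, pos)
    _, _, end = der_read(tbs, pos)
    return tbs[pos:end]


def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo."""
    outer, _ = der_expect(spki, 0, 0x30)
    alg, pos = der_expect(outer, 0, 0x30)
    oid, _ = der_expect(alg, 0, 0x06)
    if oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption key")
    bits, _ = der_expect(outer, pos, 0x03)
    if bits[0] != 0:
        raise ValueError("unexpected unused bits in BIT STRING")
    rsa_key, _ = der_expect(bits[1:], 0, 0x30)
    modulus_bytes, _ = der_expect(rsa_key, 0, 0x02)
    return int.from_bytes(modulus_bytes, "big").bit_length()


def assess_rsa_key(spki, minimum=MIN_RSA_BITS):
    """Return (modulus_bits, 'weak' | 'ok') against the policy threshold."""
    bits = rsa_modulus_bits(spki)
    return bits, ("weak" if bits < minimum else "ok")


if __name__ == "__main__":
    # Constructed moduli of the right size; not real keys.
    samples = {
        "512-bit (constructed)": build_rsa_spki((1 << 511) | 1),
        "2048-bit (constructed)": build_rsa_spki((1 << 2047) | 1),
    }
    for name, spki in samples.items():
        bits, verdict = assess_rsa_key(spki)
        print(f"{name}: {bits}-bit RSA modulus -> {verdict}")
```

For a real certificate, read the DER bytes (for a PEM file, `ssl.PEM_cert_to_DER_cert` on the file contents gives them), pass them through `spki_from_certificate`, and hand the result to `assess_rsa_key`; the 22 certificates mentioned above would report `512-bit` and `weak`.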

Source : More CAs Report Breaches, Suspend Issuing SSL Certificates