
DigiNotar Report Released

Posted 5 Sep 2011

Fox-IT has released a report on their investigation of the DigiNotar certificate authority hack. The intent of the initial investigation is to determine the initial attack vector and the scope of the attack. According to a statement on July 26th from parent company Vasco, the attack was detected on July 19th. During a routine security check, staff detected 128 fake certificates and revoked them. The next day another 129 fake certificates were issued, and these were revoked on July 21st. Fox-IT became involved on August 30th.

According to the report, fake SSL certificates were issued from six certificate authorities. The servers hosting these certificate authorities were all members of the same Windows domain, and the attacker was able to obtain domain administrator rights. The report indicates that some security defenses were in place at the time of the attack, but they were inadequate or unable to protect the servers.

The Dutch government has taken over the operations of DigiNotar. All of the fake SSL certificates are believed to have been revoked. Some have taken the additional step of removing the DigiNotar CA certificates from their local certificate stores. This will be problematic for sites which utilize SSL certificates from DigiNotar. Tools like Convergence are hoping to give end users access to more dynamically updated certificate authority lists. In any case, trust and confidence in the DigiNotar certificate authority will need to be rebuilt.
