Another Dutch certificate authority halts business

Share this article:

Another Dutch-based SSL certificate authority has stopped issuing credentials following a security incident.

KPN Corporate Market, one of the Netherlands largest telecommunications and IT service providers, announced Friday in a news release (translated) that it has temporarily halted the issuance of certificates, pending an additional investigation. Already issued certs, however, remain valid.

A recent examination of a web server turned up "abuse" that may have happened up to four years ago, the company said. Hackers may have wanted to use the server to launch distributed denial-of-service attacks against their targets.

Even though KPN is unaware of any fraudulent certificates being issued as a result of the possible breach, the company appears to be taking no chances, especially in light of the DigiNotar collapse.

Also based in the Netherlands, DigiNotar, which is owned by U.S.-based Vasco, was responsible for issuing hundreds of phony credentials after a hacker breached its infrastructure. DigiNotar went bankrupt after reports emerged in August that it had issued a fake SSL certificate for Google, which appeared in the wild, presumably so Iranian users could be spied on.

In response to the incident, KPN has replaced the affected web servers. The company plans to conduct an investigation to determine that it meets all "required safeguards, procedures and rules applicable to the issue of internet safety certificates."

Kaspersky Lab senior virus analyst Roel Schouwenberg said he expects more certificate authorities to discover similar breaches and that it is unlikely anything major happened.

"If something had truly gone wrong, we would have all noticed it by now, wouldn't we?" he asked in a Friday blog post.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

TorrentLocker developers patch error

Victims had been able to restore encrypted files without paying a ransom.

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

Gartner: 75 percent of mobile apps will fail ...

As BYOD and mobile computing become more critical to business, app downloads will raise security risks.