KPN Server Compromised, SSL Authority Stops Issuing Certificates

Netherlands-based KPN Corporate Market said it was taking the action while it investigated the compromise, which may have taken place as long as four years ago. The breach came to light after tools for waging distributed denial-of-service attacks were found on its network.
The certificate authority (CA) belonging to KPN Corporate Market, a subsidiary of Dutch telecommunications provider KPN, has announcedDutch language link that it has stopped issuing Secure Socket Layer (SSL) certificates because hackers bypassed the CA's security mechanisms and compromised one of its servers. When performing a thorough review that was prompted by other recent Certificate Authority break-ins, the CA discovered programs which are used for DDOS attacks on other computers. The evidence discovered so far indicates that the break-in at KPN happened four years ago and has remained undetected since then.
KPN said that previously issued certificates are unlikely to have been compromised, but that the possibility can't be ruled out completely. Nevertheless, these certificates will remain valid for the time being. As a precautionary measure, the telecommunications provider has replaced its web servers. KPN will also not issue any further SSL certificates until the break-in has been fully investigated.
In a similar incident, last Thursday Microsoft and Mozilla revoked their trust in all certificates issued by the Malaysian Digicert CA. 22 certificates issued by this CA were found to use weak 512-bit keys and lack certain certificate extensions as well as revocation information.

-News Source (The Register, The H)


Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Related Posts Plugin for WordPress, Blogger...