Another Dutch certificate authority halts business
SC Magaine, By: Dan Kaplan
Another Dutch-based SSL certificate authority has stopped issuing credentials following a security incident.
KPN Corporate Market, one of the Netherlands largest
telecommunications and IT service providers, announced Friday in a news
release (translated) that it has temporarily halted the issuance of
certificates, pending an additional investigation. Already issued certs,
however, remain valid.
A recent examination of a web server turned up "abuse" that may have
happened up to four years ago, the company said. Hackers may have wanted
to use the server to launch distributed denial-of-service attacks
against their targets.
Even though KPN is unaware of any fraudulent certificates being
issued as a result of the possible breach, the company appears to be
taking no chances, especially in light of the DigiNotar collapse.
Also based in the Netherlands, DigiNotar,
which is owned by U.S.-based Vasco, was responsible for issuing
hundreds of phony credentials after a hacker breached its
infrastructure. DigiNotar went bankrupt after reports emerged
in August that it had issued a fake SSL certificate for Google, which
appeared in the wild, presumably so Iranian users could be spied on.