7th November 2011
KPN Certificate Authority Hacked
Dutch certificate authority KPN has announced that it will cease issuing certificate operations after discovering a security breach on one of its servers. The server in question, which has now been replaced, appears to have been infected with malware which could have caused it to particpate in Denial of Service botnet style attacks. A third party company is currently investigating the breach to understand if any certificates that have been issued by KPN could have been compromised.
This is just part of a slew of recent attacks against compaines issuing certificates and has prompted worldwide calls for a review of the entire certificate management process.
Barry Hesk