DigiNotar, a Dutch certificate authority, has filed for bankruptcy protection only two weeks after a security audit found major lapses in the firm’s defenses, which resulted in a successful attack on its digital certificate systems.
A court in the Netherlands declared the company bankrupt on Tuesday and began managing the company as it proceeds through the bankruptcy process. A trustee will supervise the liquidation of all DigiNotar assets, the firm’s parent company, VASCO Data Security International Inc., said in a statement.
“Although we are saddened by this action and the circumstances that necessitated it, we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology,” T. Kendall Hunt, VASCO’s chairman and CEO, said in a statement.
Hunt said the PKI/identity verification technology acquired from DigiNotar would be integrated into VASCO’s core authentication platform. The company would also continue to cooperate with the Dutch government in its investigation of the breach, he said.
“We expect that a significant portion of the value assigned to the intellectual property acquired from DigiNotar to continue to have value as we incorporate the technology into our existing product line,” Hunt said.
The DigiNotar security breach echoed around the world after researchers discovered that the attacker was able to get the firm to issue fraudulent SSL certificates for several high-profile sites, including Google. The attack enabled the Iran-based hacker to potentially read Gmail messages. It also prompted browser makers to issue critical security updates, blacklisting the DigiNotar certificates. Hundreds of rogue DigiNotar digital certificates were created for other high-profile domains.
Security experts said the certificate authority breach and previous breaches, including one at a subsidiary of U.K.-based certificate authority Comodo Ltd., highlight the weaknesses in the current digital certificate system. They say alternatives currently under development would be able to verify the authenticity of a website without using a digital certificate.
~Robert Westervelt, News Director