News

DigiNotar files bankruptcy protection in wake of certificate breach

SearchSecurity.com Staff

DigiNotar, a Dutch certificate authority, has filed for bankruptcy protection only two weeks after a security audit found major lapses in the firm’s defenses, which

    Requires Free Membership to View

resulted in a successful attack of its digital certificate systems.

A court in the Netherlands declared the company bankrupt on Tuesday and began managing the company as it proceeds through the bankruptcy process. A Trustee will supervise the liquidation of all DigiNotar assets, the firm’s parent company, VASCO Data Security International Inc., said in a statement.

“Although we are saddened by this action and the circumstances that necessitated it, we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology,” T. Kendall Hunt, VASCO’s chairman and CEO, said in a statement.

Hunt said the PKI/identity verification technology acquired from DigiNotar would be integrated into VASCO’s core authentication platform. The company would also continue to cooperate with the Dutch government in its investigation of the breach, he said.

“We expect that a significant portion of the value assigned to the intellectual property acquired from DigiNotar to continue to have value as we incorporate the technology into our existing product line,” Hunt said.

The DigiNotar security breach echoed around the world, after researchers discovered that the attacker was able to get the firm to issue fraudulent SSL certificates for several high-profile sites, including Google. The attack enabled the Iranian-based hacker to potentially read Gmail messages. It also prompted browser makers to issue critical security updates, blacklisting the DigiNotar certificates. Hundreds of rogue DigiNotar digital certificates were created for other high-profile domains.

Security experts said the certificate authority breach and previous breaches, including one at a subsidiary of U.K.-based certificate authority, Comodo Ltd., highlight the weaknesses in the current digital certificate system. They say alternatives currently under development would be able to verify the authenticity of a website without using a digital certificate.

~Robert Westervelt, News Director


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: