KPN has Friday hastily decided the issue of certificates to strike after it became clear that one of the servers of the former Getronics may be abused. According to KPN, the server is prepared for a ddos attack.
KPN has a third-party command is given, the log files of the server to further analyze. The potentially compromised web server has been replaced. According to KPN, the company has an audit traces that the server is prepared for a ddos attack. It is not known whether the attack is actually performed via the server of the company.
The tracks were discovered during an investigation. “In the light of the recent developments surrounding the safety of websites, digital counters and internetcertificaten by KPN and by external parties additional investigations, which at a still deeper level, analyzed,” said KPN in a Friday afternoon statement issued. “In the course of this research are in the server of the website where businesses can go for information about certificates, traces which could indicate abuse, four years ago.”
The telecommunications company says are no indications that the production of the certificates is compromised, but says it also not entirely to close. The research here is more information about. Already issued certificates, including the recently issued certificates for DigiD after the DigiNotar debacel, is still valid. KPN has said some of the hundreds of certificates issued. Companies that a certificate had requested, about the developments informed.
The ministry of the Interior and kingdom relations and overheidsautomatiseerder Logius are closely involved in the research, that the coming days will be carried out. The results of the research in the first half of next week expected.
Earlier was much controversy when it was discovered that attackers using the Short company DigiNotar had managed fake certificates to give out. An Iranian hacker was this year, the Dutch ssl authority DigiNotar and knew this hundreds of falsified certificates. The criticism on the actions of DigiNotar was great and the company eventually went bankrupt.
Security companies advocate as a response to the problems for security standards. Think further of the Dutch parliament after the establishment of a so-called ‘ict-fire’.