KPN is cautiously resuming the issuance of security certificates. For now, however, only existing customers can request certificates; new customers have to wait a while. On Friday, KPN stopped issuing certificates for security reasons.
On Friday it became known that one of the servers of the former Getronics had possibly been abused and that KPN had stopped issuing security certificates. Code that could possibly be used for a DDoS attack was found on the affected server. The server was replaced immediately, but as a precaution an external audit was carried out before issuance was resumed.
That audit shows that the systems are ‘completely safe’, KPN writes. Existing customers can now request new certificates and manage existing certificates. New customers cannot do so yet; the website where they can get help is still undergoing ‘additional tests’ and is due to be back up next week.
Initially, KPN said it could not rule out that the environment for requesting certificates had been affected, but that appears not to be the case. “In the course of this investigation, traces that may indicate abuse four years ago were found on the server of the website where businesses can go for information about certificates,” the company wrote on Friday.
It is not clear whether the affected server was actually abused for a DDoS attack, or why it took four years before KPN found out about the potential abuse. The potential vulnerability came to light during an external audit that was carried out at KPN on the initiative of the government. The investigation was started as a result of the DigiNotar incident, in which a certificate authority issued hundreds of fake SSL certificates after a hack. Why the potential problem came to light only after four years is unclear.