Diginotar declared bankrupt - SANS Internet Storm Center

Diginotar declared bankrupt
In the latest installment of this seemingly never-ending saga, a Dutch court in Haarlem (NL) declared DigiNotar bankrupt. Read more: http://www.rechtspraak.nl/Organisatie/Rechtbanken/Haarlem/Nieuws/Pages/FaillissementDiginotarBV.aspx [Dutch] http://www.vasco.com/company/press_room/news_archive/2011/news_vasco_announces_bankruptcy_filing_by_diginotar_bv.aspx The CA business is all about selling trust. After all a CA is supposed to be a trusted third party. Let's hope all the remaining ones get the right message: it's not about not getting caught being hacked. On the contrary: it's about doing the right thing once you have been hacked. Let's hope it leads to more transparency and public scrutiny of the CAs we trust explicitly or implicitly though the choice of some of our vendors. -- Swa Frantzen -- Section 66	Swa 760 Posts Sep 20th 2011
Thread locked Subscribe	Sep 20th 2011 1 decade ago
I'm surprised they are bankrupt - but only because others in their situation haven't gone bankrupt. When Verisign gave out 2 certs for Microsoft to someone who walked in off the street in 2001, I figured Verisign would go out of business since all they were selling was trust, and they had a complete failure of their business. I thought - how could anyone every trust them again - they only do one thing and they've proven they can't do that right. Instead, they issused a quick "I'm sorry" and then went about business as usual. So I'm surprised that Diginotar is bankrupt because other CA's have totally screwed up and survived just fine.	Anonymous
Quote	Sep 20th 2011 1 decade ago
So, what gives a good indicator that the parent company, VASCO can be trusted? Given my experience with the corporate world, what's happening at a subsidiary can often be a good indicator of the business practices of the parent. Justify us trusting the parent company on this one.	Anonymous
Quote	Sep 20th 2011 1 decade ago
I'm pretty sure that if you were a car salesman in a similar situation (you can sell cars but those cars cannot be used on public roadways) you'd go bankrupt as well. No one will buy a certificate if the major OSes and browsers all do not recognize them as a trusted source.	Anonymous
Quote	Sep 20th 2011 1 decade ago
Three words: Internet death penalty	Anonymous
Quote	Sep 21st 2011 1 decade ago
This would appear to be an example the worst-case impact that we've avoided in our risk assessments, now realized: Your business will be critically (fatally) damaged due to insufficient security and a resultant breach. What gets me is that for many years in the last decade, FUD was frowned upon. Now, thanks to polymorphic malware, advanced threats, and highly organized malefactors, FUD is what's being sold (and bought), even from many of the most credible sources in this field.	Anonymous
Quote	Sep 22nd 2011 1 decade ago