In association with heise online

08 December 2011, 17:00

Dutch PKI provider's web site security breach under investigation

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Broken security icon The web site of Gemnet, subsidiary of KPN and provider of PKI certificates to the Dutch government, succumbed to a hacker's attack according to Webwereld reportsDutch language link. It appears that the attackers gained access to a database on the server managed by a PHPMyAdmin instance which was not protected by a password. The attacker then used this web access to get to the database without a password. The company was informed that it was leaking information on Wednesday night and has been taken off the air by parent company KPN, who then launched an investigation.

KPN said in a statementDutch language link that the hacker was only able to access publicly available information. It also added that Gemnet does not issue digital certificates. Gemnet CSP, a separate company that does issue certificates for the Dutch government was also taken offline following the discovery of the attack.

Another of KPN's subsidiaries was taken offline in November when it was discovered that a server at the certificate authority, KPN Corporate Market, had been compromised for as long as four years. The Dutch government are reported to have launched their own investigation into the compromise. Earlier this year a compromise at DigiNotar, another Dutch supplier of SSL certificates which had lax security, saw the Dutch government take over the company which was eventually bankrupted.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit