More on the DigiNotar compromise


The Tor project web site has an interesting update on the recent compromise of the DigiNotar CA that resulted in hundreds of bogus certificates being issued. Part of that update is a spreadsheet (CSV) of the 531 known bad certs, including which CA issued them, their serial number, the domain that the cert was for, etc.

In addition to bogus SSL certs for companies like Google, Microsoft, Twitter and Facebook, there were also bogus certs issued for things like "VeriSign Root CA," "Comodo Root," and "Thawte Root CA." A total of 187 of the 531 bad certs actually have "Root CA" in their common name.

And there were even bad certs issued for *.*.com and *.*.org!
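As an added example (not code from this post or from the Tor project), the following Python triage flags the two patterns described above in a CSV of issued certificates: common names containing "Root CA" and wildcard names that go beyond a single left-most label. The column names and sample rows are constructed assumptions, not the layout of the real spreadsheet.

```python
import csv
import io

# Constructed sample rows; the column names are assumptions and do not
# reflect the layout of the real spreadsheet.
SAMPLE_CSV = """issuer,serial,common_name
Example Issuing CA,01,*.*.com
Example Issuing CA,02,Example Root CA
Example Issuing CA,03,www.example.com
Example Issuing CA,04,*.example.org
Example Issuing CA,05,*.*.org
Example Issuing CA,06,*.com
"""


def classify(common_name):
    """Return the reasons (possibly none) a subject name is suspicious."""
    reasons = []
    cn = common_name.strip()
    # A certificate issued to a subscriber should not be named like a root CA.
    if "root ca" in cn.lower():
        reasons.append("ca-name")
    labels = cn.split(".")
    wildcard_labels = [i for i, label in enumerate(labels) if "*" in label]
    # Wildcards are only expected in the left-most label, and only once.
    if len(wildcard_labels) > 1 or any(i > 0 for i in wildcard_labels):
        reasons.append("wildcard-beyond-first-label")
    # A single wildcard directly above a TLD would cover every domain in it.
    elif wildcard_labels and len(labels) < 3:
        reasons.append("tld-wildcard")
    return reasons


def triage(csv_text):
    """Map serial number -> reasons for every flagged row in the CSV text."""
    flagged = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = classify(row["common_name"])
        if reasons:
            flagged[row["serial"]] = reasons
    return flagged


if __name__ == "__main__":
    for serial, reasons in triage(SAMPLE_CSV).items():
        print(serial, ", ".join(reasons))
```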

There's also an interim report, written by consultants hired by DigiNotar, that you can get here (PDF). It looks like the DigiNotar systems weren't as secure as they could have been. As this report says,

The most critical servers contain malicious software that can normally be detected by anti-virus software. The separation of critical components was not functioning or was not in place. We have strong indications that the CA-servers, although physically very securely placed in a tempest proof environment, were accessible over the network from the management LAN.

D'oh!

The investigation into this incident isn't finished yet, so there may be more interesting news about it in the future. Maybe we'll find out exactly how this happened.
