Postmortems

Inside 'Operation Black Tulip': DigiNotar hack analysed (2012 CA breach)

The Register summarises Fox-IT’s postmortem of the security failings in a certificate authority which was breached and exploited to sign certs which compromised gmail access for many Iranians:

DigiNotar’s servers ran out-of-date software. Its network was poorly segmented, so problems would not be contained if they arose. Passwords in play at the time of the hack might easily have been guessed via brute-force attack. In addition, there was no secure logging and server-side anti-virus protection was absent.

DigiNotar’s shocking ineptness in securing its system, compounded with its failure to come clean on its problems in a timely fashion, have turned the firm into a security pariah.

Diginotar did not survive this encounter. As told by Slate:

On Saturday, Aug. 27, 2011, an Iranian man who went by the online alias alibo tried to check his email—only to find he couldn’t connect to Gmail. Yet the problem disappeared when he connected to a virtual private network that disguised his location. Whatever was going on, it seemed to only affect computer users in Iran.

His first hunch was that the problem might be somehow tied to the Iranian government—which was known for interfering with online activity—or a problem with his local internet service provider. So alibo posted a question about the issue on the Gmail Help Forum. Two days later, Google responded to this apparently small problem in a big way: It issued a public statement about the incident, attributing the problem to security issues at a Dutch company called DigiNotar. Within a month, DigiNotar had been taken over by the Dutch government. Not long after that, it declared bankruptcy and dissolved.

via Cloudflare blog