September 20, 2011, 1:25 PM — The theft of SSL certificates from Dutch certificate authority DigiNotar so undermined trust in the company that it has gone bankrupt.
Responsible for taking down the company is a single attacker, believed to be in Iran, who stole more than 500 certificates used to authenticate sites that make secure connections via SSL. DigiNotar was the primary certificate authority used by the Dutch government.
DigiNotar filed for bankruptcy yesterday and a Dutch court approved the filing today. Trustees were appointed to liquidate its assets, according to a statement by DigiNotar's parent company, Vasco.
MORE ON SECURITY CERTIFICATES: Former cybersecurity czar Clarke says smartphones, digital certificates create huge security problems
The industry has been running from DigiNotar since the breach was made public Aug. 29, more than two months after the company discovered an attack. Microsoft has blacklisted all DigiNotar digital certificates, deeming them untrusted. Google and Mozilla had already blacklisted the company's certificates, and the TOR project has recommended rejecting all DigiNotar certificates.
The parent company Vasco can be added to the list of firms distancing themselves from DigiNotar. "We would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology," says T. Kendall Hunt, Vasco's chairman and CEO, in a written statement. "The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO's strong authentication business."
The sentiment was backed up by company COO Jan Valcke. "We want to emphasize that the bankruptcy filing by DigiNotar, which was primarily a certificate authority, does not involve VASCO's core two-factor authentication business," he says. "While we do not plan to re-enter the certificate authority business in the near future, we expect that we will be able to integrate the PKI/identity verification technology acquired from DigiNotar into our core authentication platform. As a result, we expect to be able to offer a stronger authentication product line in the coming year to our traditional customers."