KPN Certificate Authority Hacked

7th November 2011

KPN Certificate Authority Hacked

Dutch certificate authority KPN has announced that it will cease issuing certificate operations after discovering a security breach on one of its servers. The server in question, which has now been replaced, appears to have been infected with malware which could have caused it to particpate in Denial of Service botnet style attacks. A third party company is currently investigating the breach to understand if any certificates that have been issued by KPN could have been compromised.

This is just part of a slew of recent attacks against compaines issuing certificates and has prompted worldwide calls for a review of the entire certificate management process.

Barry Hesk

Researchers find “massive” security flaws in cloud architectures

October 27th 2011

Researchers find “massive” security flaws in cloud architectures

Very interesting article published by Network World today highlighting the massive security flaws discovered in many cloud architectures.
The full article is here

Moving services to the cloud can save businesses money and can convert capex costs to ongoing opex, however major consideration does need to be given in the critical areas of security of your data, and service availability. The preceding article suggests that the integrated security architectures of some cloud services is not as good as the vendors would like you to think they are.

Barry Hesk