Linked by HAL2001 on Tue 20th Sep 2011 21:48 UTC
Privacy, Security, Encryption After having its SSL and EVSSL certificates deemed untrustworthy by the most popular browsers, VASCO announced that DigiNotar, filed a voluntary bankruptcy petition and was declared bankrupt today. This is unsurprising, since a report issued by security audit firm Fox-IT, who has been hired to investigate the now notorious DigiNotar breach, revealed that things were far worse than we were led to believe.
Permalink for comment 490215
To read all comments associated with this story, please click here.
RE: No big surprise here.
by Lennie on Wed 21st Sep 2011 13:01 UTC in reply to "No big surprise here."
Lennie
Member since:
2007-09-22

Seems the encryption scheme behind old HTTPS-protocols in combination with current browser implementations might be broken as well:

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

We'll see what this really means on Friday.

The new protocols are from 2006 and I think support for it in IE started on Windows Vista.

I wonder if this means Microsoft will release an update of their SSL-library for Windows so IE will be fixed to.

An other problem Firefox and Chrome do not support the new protocols yet.

Opera supports it, but it is disabled by default, it is also disabled on IE on Vista and Windows 7 because it is not compatible with all webservers.

Some of the webservers (SSL and TLS/1.0) do not allow browser with newer protocols (TLS/1.1 and TLS/1.2) to connect.

Reply Parent Score: 2