'Hacked server' claims another certificate authority casualty - KPN

http://i.zdnet.com/blogs/kpn-website-hack-lc-zaw2.jpg

Dutch certificate authority KPN has issued a statement, confirming that it will cease issuing operations after a security breach was discovered.

KPN, formerly known as Getronics, which issues SSL-certificates to validate the authenticity of secure websites, will cease issuing certificates after one of its servers had been hacked, thought to be as far back as four years ago.

It’s another major blow to the integrity of the web, only a month since Dutch certificate authority Diginotar was hacked, potentially compromising the security of websites belonging to the Dutch government, Google, Facebook and even state intelligence services. In the statement, while “existing certificates already issued remain valid”, it cannot rule out that the production of certificates — including pre-existing certificates — have not been compromised.