HITBSecConf2017 Amsterdam (April 10th - 14th)
Register Online Now!
Operation Black Tulip: Fox-IT's report on the DigiNotar breach
Fox-IT, the security auditors hired to investigate the compromise of DigiNotar, the digital certificate authority that signed fraudulent certificates for Google, the CIA and others, released their preliminary findings this afternoon.
It's at least as bad as many of us thought. DigiNotar appears to have been totally owned for over a month without taking action, and they waited another month to take necessary steps to notify the public.
Fox-IT's report shows that the initial compromise appears to have occurred on June 17th, 2011. On the 19th DigiNotar noticed the incident, but doesn't appear to have done anything about it. The first rogue certificate (as far as we know), *.google.com, was issued on July 10th, 2011. All of the other 530 rogue certificates were issued between July 10th and 20th.