Issuer of rogue Google certs files for bankruptcy

DigiNotar, the company that issued several rogue security certificates that were capable of compromising secure Web communications, according to a press statement by its parent company. Vasco Data Security International, DigiNotar's parent firm, said that DigiNotar filed a voluntary bankruptcy petition in the Haarlem District Court (Netherlands). “Although we are saddened by this action and the circumstances that necessitated it. we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology. The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business," said T. Kendall Hunt, VASCO’s Chairman and CEO. Vasco said the Court appointed a bankruptcy trustee and a bankruptcy judge to manage all affairs of DigiNotar as it proceeds through the bankruptcy process. The Trustee will work under the supervision of the Judge and be responsible for the administration and liquidation of DigiNotar, Vasco said. It said the Trustee has taken over the management of DigiNotar’s business activities. Hunt said Vasco will cooperate with the Trustee and the Judge to the fullest extent reasonably practicable to bring the affairs of DigiNotar to an appropriate conclusion for its employees and customers. "We also plan to cooperate with the Dutch government in its investigation of the person or persons responsible for the attack on DigiNotar," he said. “We want to emphasize that the bankruptcy filing by DigiNotar, which was primarily a certificate authority, does not involve VASCO’s core two-factor authentication business," added Jan Valcke, Vasco President and COO. He added they do not plan to re-enter the certificate authority business in the near future, but expect to be able to integrate the PKI/identity verification technology acquired from DigiNotar into its core authentication platform. "As a result, we expect to be able to offer a stronger authentication product line in the coming year to our traditional customers," he said. Cliff Bown, VASCO’s Executive Vice President and CFO, said they are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible. A blog entry by computer security firm Sophos said there may not be many who will be mourning its loss. "It's unlikely that many people are going to shed many tears over the demise of DigiNotar. The firm lost all trust when when it was discovered that it had known that it had suffered a security breach weeks before coming clean about the problem," it said. Sophos noted the fraudulent certificates were issued in the name of major web properties such as Facebook, Twitter, Microsoft and Google; and even in the name of intelligence agencies such as the Mossad and the CIA). — TJD, GMA News