σχόλιο ID-ont: Η Ολλανδική Ηλεκτρονική Διακυβέρνηση έχει προβλήματα ασφαλείας, ενώ η Ελληνική Ηλεκτρονική Διακυβέρνηση (και η Κάρτα του Πολίτη που θα την συνοδεύει) θα είναι ασφαλέστατη!!!
Που'σαι Ολλανδία να μας δεις. Μας δανείζεις τα € σου (μέσω του Μνημονίου) κι εμείς θα κάνουμε θαύματα με τα λεφτά σου! Θα τρίβεις τα μάτια σου μαζί μας...
Εκπρόσωπος της Ολλανδικής Κυβέρνησης δήλωσε ότι δεν μπορούν να εγγυηθούν για την ασφάλεια των ιστοσελίδων τους, λίγες μέρες μετά την παραβίαση της εταιρείας (DigiNotar) έκδοσης ψηφιακών πιστοποιητικών που χρησιμοποιούν για να πιστοποιήσουν τα συστήματά τους.
Ο εκπρόσωπος δήλωσε επίσης ότι η κυβέρνηση θα σταματήσει τη συνεργασία με την εταιρεία. Η ανακοίνωση αυτή θα έχει επιπτώσεις σε εκατομμύρια ανθρώπους που χρησιμοποιούν ηλεκτρονικές δημόσιες υπηρεσίες της Ολλανδίας και στηρίζονται σταπιστοποιητικά της DigiNotar, για να επιβεβαιώσουν ότι επισκέπτονται τις σωστές ιστοσελίδες.
Μέχρι σήμερα, ωστόσο δεν υπήρξαν αναφορές για κλοπή στοιχείων ταυτότητας από κάποιον χρήστη ή άλλου είδους ηλεκτρονική παραβίαση. Η κυβέρνηση δεν απαγορεύει στους πολίτες να χρησιμοποιούν τις online υπηρεσίες του δημοσίου, αλλά τους ενημερώνει ότι θα πρέπει να λάβουν σοβαρά υπόψη τα προειδοποιητικά μηνύματα που θα τους εμφανίζονται στην οθόνη από τους περιηγητές ή άλλο λογισμικό ασφάλειας που υπάρχει στον υπολογιστή τους.
Dutch government struggles with DigiNotar hack - Replacing SSL certificates will take time
IDG News Service - The Dutch
government is trying to minimize the effect of the DigiNotar hack on its IT
infrastructure but warned it's a time-consuming process: Not all the SSL
certificates can be replaced on the fly.
Piet Hein Donner, minister of the interior, said
in a press conference on Tuesday that the government will work as quickly as
possible to replace all the DigiNotar SSL certificates in use. However, if the
certificates are withdrawn immediately it will be damaging, he warned.
"It particularly concerns the fully automated communication between
computers," Donner said. If the certificates are withdrawn right now it would
disturb or even block Machine-to-Machine (M2M) communication. That is why the
Dutch government chose a "phased and controlled" migration to other
certificates. While website certificates should be replaced by Saturday, he
said, replacing those involved in M2M communication will take longer.
For the same reason, Microsoft agreed on Tuesday to
postpone an automatic software update for the Netherlands that revokes the
trust in all DigiNotar certificates for one week. Next week the software update
will be rolled out in the Netherlands with an opt-out option. Companies who want
to implement the software update this week have to do that themselves. According
to Donner this ensures there is no significant disturbance in digital
communications in the Netherlands.
On Sept. 2, the Dutch government announced in a night-time press conference,
the first in Dutch IT history, that all DigiNotar certificates were to be banned
and replaced. According to a
report by the security firm Fox-IT published on Monday, 531 fraudulent
certificates were issued after DigiNotar was hacked from an Iranian IP address
in June. The firm also found proof that the "DigiNotar PKIoverheid CA"
certificates the Dutch government uses were compromised. Fox-IT found no
evidence that government certificates were misused.
Ronald Prins, CEO of Fox-IT, said on the Dutch television show "Nieuwsuur" on
Monday that the real damage for Dutch citizens was limited, but that the
implications could have been big. DigiNotar was used for DigiD, an identity
management platform used by Dutch government agencies including the Tax and
Customs Administration. Hackers could have monitored DigiD traffic and would
even be able to manipulate tax filings if they wanted to.
The government replaced the DigiNotar DigiD certificates with PKIoverheid CA
certificates from Getronics PinkRoccade, one of the seven (including DigiNotar)
SSL certificate providers the government uses. Other problems occurred with the
systems of the Rijksdienst voor het Wegverkeer (RDW), which handles vehicle
registrations and inspections in the Netherlands. The RDW switched to VeriSign
certificates but still has to use DigiNotar for M2M communication, spokesperson
Sjoerd Weiland told the Dutch IDG news site Webwereld
on Monday.
According to Weiland it is impossible to say when the switch from DigiNotar
to another CA can be done. Every business connected to the RDW, including the
police and insurance companies, has to switch to new certificates at the same
time to prevent the total collapse of all M2M communication. Local governments
could have the same problem as the RDW. Minister Donner said there are "some
disturbances" in communications between the RDW and local governments.
Dutch financial transactions, Amsterdam's Schiphol airport and the national
railways were not affected. "Although several sectors are meanwhile suffering
from disruptions, major uncontrollable problems have not appeared to date,"
Minister Donner and Minister Ivo Opstelten of Public Safety and Justice stated
in a letter to the lower house of Parliament. In total DigiNotar issued 57,956
certificates in different sectors in the Netherlands.
Because DigiNotar was hacked in June and the company knew about the hack
shortly afterward but did not inform the Dutch government, the attorney general
has begun an investigation to determine if DigiNotar can be held formally
responsible for the ongoing crisis. Telecom watchdog OPTA is also investigating
DigiNotar. That investigation is aimed at the way the certificates were issued.
According to Weiland it is impossible to say when the switch from DigiNotar
to another CA can be done. Every business connected to the RDW, including the
police and insurance companies, has to switch to new certificates at the same
time to prevent the total collapse of all M2M communication. Local governments
could have the same problem as the RDW. Minister Donner said there are "some
disturbances" in communications between the RDW and local governments.
Dutch financial transactions, Amsterdam's Schiphol airport and the national
railways were not affected. "Although several sectors are meanwhile suffering
from disruptions, major uncontrollable problems have not appeared to date,"
Minister Donner and Minister Ivo Opstelten of Public Safety and Justice stated
in a letter to the lower house of Parliament. In total DigiNotar issued 57,956
certificates in different sectors in the Netherlands.
Because DigiNotar was hacked in June and the company knew about the hack
shortly afterward but did not inform the Dutch government, the attorney general
has begun an investigation to determine if DigiNotar can be held formally
responsible for the ongoing crisis. Telecom watchdog OPTA is also investigating
DigiNotar. That investigation is aimed at the way the certificates were issued.
1 σχόλια:
Κβαντικό τσιπάκι!
http://www.pentapostagma.gr/2011/09/blog-post_5897.html
Δημοσίευση σχολίου