DigiNotar (and Potentially Many Iranians) Suffers Death by Microsoft

Dr. Roy Schestowitz

2011-09-21 17:23:14 UTC
Modified: 2011-09-21 17:23:14 UTC

Christ

Summary: Bankruptcy for a Dutch company that relied on Microsoft products while providing security/encryption services

A few weeks ago we wrote about DigiNotar, noting that Windows dependence caused a huge mess. DigiNotar has just died based on reports that say it filed for bankruptcy in The Netherlands. This not only cost a lot to other companies (and their reputation) but it also compromised the identity and activity of ~300,000 Iranian internet users, potentially leading to the death of some. The crack was caused by Cain and Abel, which according to Wikipedia is "a password recovery tool for Microsoft Windows. It can recover many kinds of passwords using methods such as network packet sniffing, cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks."

"Proprietary software hides code and also hides the weaknesses, which doesn't mean they are not still there."There is another incident worthy of being mentioned. Incidentally, on the face of it, "If you use Skype on an iPhone or iPod touch, Phil Purviance can steal your device's address book simply by sending you a chat message," writes The Register. Apple+Microsoft Skype (proprietary)=insecurity.

This other new report from the same source says that "Apple has dropped a couple of monumental password security clangers with the release on OS X Lion, according to security blogger Patrick Dunstan."

Hey, at least it's shiny. Proprietary software hides code and also hides the weaknesses, which doesn't mean they are not still there. ⬆

Comments

twitter

2011-09-21 18:29:28

Pogson reports Apple's authentication changes have created gaping holes.

Every surrender of rights makes people less secure. In the non free world, "security" means protecting big companies from users not random malice and exploitation. Non free software, like prison, does not trade liberty for security and people who use it are always at the mercy of the software's owners.

Recent Techrights' Posts

2025 Will be Fought and Fraught With LLM Slop or Fake 'Articles' (Former Media/News Sites Turning to Marketing Spam): The elephant in the room?
Brittany Day Can Rest and Let Microsoft/Chatbots Write Fake 'Articles' About "Linux" This Christmas: Who said people don't work on Christmas? Chatbots or plagiarism-as-a-service work 24/7, every day of the year except during Microsoft downtimes
Microsoft Openwashing Stunts Initiative (OSI) is A Vulture in "Open" Clothing: it's quite telling that the OSI isn't protecting the Open Source Definition
Gemini Links 25/12/2024: Reality Bites and Gopher Thanks: Links for the day
Links 26/12/2024: Japan-China Mitigations and Mozambique Prison Escape (1,500 Prisoners): Links for the day
Links 26/12/2024: Ukraine's Energy Supplies Bombed on Christmas Day, Energy Lines Cut/Disrupted in the Baltic Sea Again: Links for the day
Gemini Links 26/12/2024: Rot Economy, Self-hosted Tinylogs: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 25, 2024: IRC logs for Wednesday, December 25, 2024
[Meme] Time to Also Investigate Bill Gaetz: Investigation overdue
IBM Has Almost Obliterated or Killed the Entire Fedora Community (Not IBM Staff): Remaining Fedora insiders are well aware of this, but bringing this up (an "accusation" against IBM) might be a CoC violation
Links 25/12/2024: Fentanylware (TikTok) Scams and "Zelle Scams Lead to $870M Loss": Links for the day
Links 25/12/2024: Windows TCO Brought to SSH, Terence Eden 'Retires': Links for the day
Links 25/12/2024: Latest Report Front Microsoft Splinter Group, War Updates: Links for the day
Links 25/12/2024: Hong Kong Attacks Activists During Holidays, Xerox to Buy Lexmark: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 24, 2024: IRC logs for Tuesday, December 24, 2024
Gemini Links 25/12/2024: Open Source Social and No Search: Links for the day
Brittany Day Connects Windows Ransomware to "Linux" Using Microsoft LLMs (FUD Galore, Zero Effort, No Accountability): FUD and misinformation made by Microsoft LLMs again?
Links 24/12/2024: Labour Strikes and TikTok Scrambling to Prop Up Radical Politicians That Would Protect TikTok: Links for the day
Where the Population is Controlled by Skinnerboxes Inside People's Pockets (or Purses): A very small fraction of mobile users practise or exercise freedom/control over the skinnerbox
[Meme] Coin-Operated Publishers (Gaming the Message, Buying the Narrative): Advertise (sponsor) to 'play'
Advertisers and Their Covert Impact on Publications' Output (or Writers' Topics of Choice, as Assigned or Approved by Editors): It cannot be trivially denied that sponsorship in the form of "advertising" impacts where publishers go (or don't go, won't go)
Terrible Year for Microsoft Windows in Cyprus: down from 86% to 72% since January
[Meme] How to Kill Unions (Staff on Shoestring Budget Cannot Afford Lawyers): What next for the EPO? "Gig economy"?
The EPO's Staff Union (SUEPO) Takes Legal Action to Rectify the Decrease in Wages (Lessening of Purchasing Power): here is what the union published
Gemini Links 24/12/2024: Deedum Gemini Client Gets Colour Support, Advent of Code 2024: Links for the day
Microsoft Windows Slides to New Lows in Colombia: Now Windows is at an all-time low
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, December 23, 2024: IRC logs for Monday, December 23, 2024