*>> While I do get your point about the relative costs for services like
digital certificates, we have no idea whether or not an appropriate level of
revenues is being invested back into the security infrastructure. Yes, more
expensive *should* mean something, but there's no way to be sure that it
does. Our awareness of a breach doesn't mean it hasn't been going on for
quite some time...*

+1

I'm curious to see what the future (immediate or otherwise) will bring to
both the business and technology of the CA/SSL cert industry.




On Wed, Sep 7, 2011 at 12:32 PM, Andrew S. Baker <asbz...@gmail.com> wrote:

> Until recently, DigiNotar also had a profitable business model to protect.
>
> So did RSA, for that matter.
>
> While I do get your point about the relative costs for services like digital
> certificates, we have no idea whether or not an appropriate level of
> revenues is being invested back into the security infrastructure. Yes, more
> expensive *should* mean something, but there's no way to be sure that it
> does. Our awareness of a breach doesn't mean it hasn't been going on for
> quite some time...
>
> *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
> Technology for the SMB market…*
>
>
> On Wed, Sep 7, 2011 at 10:57 AM, Ken Schaefer <k...@adopenstatic.com> wrote:
>
>> And yet people ask: “why should I pay $x * 100 for a Verisign/etc. cert
>> vs $x for a DigiNotar/etc. cert”.
>>
>> Yet, I suppose this is capitalism in action. There is no guarantee that
>> Verisign is non-hackable, yet they have a profitable business model to
>> protect. Each of us has to make a tradeoff to decide whether a cheaper price
>> is worth the risk that too cheap a price is compromising due diligence on
>> behalf of the CA
>>
>> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
>> *Sent:* Wednesday, 7 September 2011 10:30 PM
>> *To:* NT System Admin Issues
>> *Subject:* RE: DigiNotar compromise
>>
>> Honestly,
>>
>> It doesn’t surprise me on this one, I am sure there are others that are
>> just as bad or worse, that will get owned at some time in the future and the
>> same kind of stuff will be unearthed.
>>
>> Z
>>
>> Edward E. Ziots
>> CISSP, Network +, Security +
>> Security Engineer
>> Lifespan Organization
>> Email:ezi...@lifespan.org
>> Cell:401-639-3505
>>
>> *From:* Tim Evans [mailto:tev...@sparling.com]
>> *Sent:* Tuesday, September 06, 2011 4:02 PM
>> *To:* NT System Admin Issues
>> *Subject:* DigiNotar compromise
>>
>> If this is true, I find it absolutely unacceptable that a commercial CA
>> would run a system like this. Incredible
>>
>> http://computer-forensics.sans.org/blog/2011/09/06/diginotar-incident-response-report-no-logging-weak-password-no-protected-network
>>
>> Tim Evans
>> *Associate, Information Technology Manager*
>>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
