Ben Laurie blathering

Who Remembers VASCO?

When I talk to people about what I’m doing, I usually mention the DigiNotar fiasco. I’m often surprised by how many people remember it, especially those not involved in security – and often not particularly technical.

DigiNotar, of course, no longer exists as a result of this incident. But who remembers VASCO, the company that owned DigiNotar? No-one, as far as I can tell. Apparently they suffer not at all from their incompetence.

I particularly love their press release

VASCO expects the impact of the breach of DigiNotar’s SSL and EVSSL business to be minimal. Through the first six months of 2011, revenue from the SSL and EVSSL business was less than Euro 100,000. VASCO does not expect that the DigiNotar security incident will have a significant impact on the company’s future revenue or business plans.

Well, they were not wrong there!


  1. You missed the CYA: These forward-looking statements (1) are identified by use of terms and phrases such as “expect”, “believe”, “will”, “anticipate”, “emerging”, “intend”, “plan”, “could”, “may”, “estimate”, “should”, “objective” and “goal”, “possible”, “potential”, and similar words and expressions, but such words and phrases are not the exclusive means of identifying them, and (2) are subject to risks and uncertainties and represent our present expectations or beliefs concerning future events.

    Comment by Jasvir Nagra — 23 Aug 2012 @ 15:36

  2. […] the other hand, the SSL industry has not been idle since 2011. The attacks on Comodo and Vasco/DigiNotar highlighted some vulnerabilities. There were also known certificate management issues as […]

    Pingback by SSL News from Black Hat and DEF CON « SSL Blog - Entrust Insights — 28 Aug 2012 @ 14:25

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress