The theft of SSL certificates from Dutch certificate authority DigiNotar so undermined trust in the company that it has gone bankrupt.

Responsible for taking down the company is a single attacker, believed to be in Iran, who stole more than 500 certificates used to authenticate sites that make secure connections via SSL. DigiNotar was the primary certificate authority used by the Dutch government.

DigiNotar filed for bankruptcy yesterday and a Dutch court approved the filing today. Trustees were appointed to liquidate its assets, according to a statement by DigiNotar’s parent company, Vasco.

The industry has been running from DigiNotar since the breach was made public August 29, more than two months after the company discovered an attack. Microsoft has blacklisted all DigiNotar digital certificates, deeming them untrusted. Google and Mozilla had already blacklisted the company’s certificates, and the TOR project has recommended rejecting all DigiNotar certificates.

The parent company Vasco can be added to the list of firms distancing themselves from DigiNotar. “We would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO’s core authentication technology,” says T. Kendall Hunt, Vasco’s chairman and CEO. “The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business.”

The sentiment was backed up by company COO Jan Valcke. “We want to emphasise that the bankruptcy filing by DigiNotar, which was primarily a certificate authority, does not involve VASCO’s core two-factor authentication business,” he says. “While we do not plan to re-enter the certificate authority business in the near future, we expect that we will be able to integrate the PKI/identity verification technology acquired from DigiNotar into our core authentication platform. As a result, we expect to be able to offer a stronger authentication product line in the coming year to our traditional customers.”

The attacker cracked into DigiNotar’s network and issued false certificates that could be used to verify the authenticity of phony sites that appeared to be run by the CIA, MI6, Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter and Microsoft’s Windows Update service.

In addition to delaying public notification of the breaches and acknowledging some of the stolen certificates, DigiNotar followed up by announcing it had overlooking hundreds of other stolen certificates.

Meanwhile, Vasco still has no idea how much financial damage the hacker wrought on DigiNotar. “We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible,” said Cliff Bown, Vasco’s executive vice president and CFO.

The International Monetary Fund now joins Citibank, Sony, Nintendo and other high profile targets as the latest victim of an attack by hackers. This is all starting to seem just a little ridiculous.

Senior officials told the New York Times that during the past few months, the IMF suffered “a very major” security breach. However, it was only last week that IMF staffers were informed of the incident; a delayed response tactic that’s been common among several other compromised companies.

Computer experts think that the breach may have been made possible by a trick known as “spear phishing,” wherein an unsuspecting target clicks a web link inside an e-mail or instant message that appears to be legitimate but has actually been sent from an untrustworthy source. There’s speculation that someone may have been duped into unknowingly installed malicious software that granted attackers access to the IMF’s internal network.

The attack, which has been called “sophisticated,” also has alarmed the World Bank, which shares information with the IMF—so much, in fact, that the World Bank ended up cutting its data link with the IMF as a precautionary measure. Things have reportedly resumed back to normal, though.

The IMF contains sensitive economic data for several countries “on the brink of crisis,” says the New York Times, including those of countries such as Portugal, Greece, and Ireland that have recently been the beneficiaries of economic bailout programs.

Its unknown what information the hackers were able to access, and the IMF has been hesitant on saying where the attack came from, mostly because most nations are members of the fund.

Not that the IMF really needs something like this at the moment. Just last month, former IMF chief Dominique Strauss-Kahn was arrested and charged for sexually assaulting a maid. Now what a cherry on top.

(via New York Times)

It turns out Citibank was hacked in early May. Wait, you hadn’t heard? Me neither. Well, that’s just because Citibank chose to keep quiet about it until now.

We’re talking a fairly serious hack, too. The personal and account information of some 200,000 Citibank card holders in North America was breached, reports Reuters, including contact specifics like names and email addresses. The solitary bit of good news? Citibank claims far more sensitive info like social security numbers, birth dates, card expiry dates and CVV card security codes was not compromised.

“We are contacting customers whose information was impacted,” said Citibank spokesperson Sean Kevelighan in a statement. “Citi has implemented enhanced procedures to prevent a recurrence of this type of event.”

And that’s about all we know at this point. Citibank claims it’s withholding further details about the hack “for the security” of all customers affected, while an Australia-based customer advocacy group is criticizing Citibank for sitting on the news for roughly a month.

Security firm Sophos weighed in on the hack this morning, pointing out that Citibank issues over 150 million cards globally. But since the breach was reportedly localized to North American customer data, you get the 200,000 number (1% of 21 million North American users) instead of a much more serious global 1.5 million cardholders’ info in breach. Not that 200,000′s anything to grin about.

The Citibank hack comes on the heels of news that Sony Portugal was just hacked by the same Lebanese hacker who went after Sony Pictures last Friday. Sophos security expert Chester Wisniewski says that marks the sixteenth attack on Sony “by [his] count” since the PlayStation Network went belly up mid-April.

From Sony to Yahoo and Gmail, and now Citibank. It’s getting uglier out there, and there’s no time like right now to get your personal security house in order, though in the case of both the Citibank and Sony hack attacks, it wouldn’t have made an iota of difference.

Read more: http://techland.time.com/2011/06/09/now-citibank-hacked-though-admits-breach-one-month-late/#ixzz1OnqokXCP

What happens after being banned 35 times from Xbox LIVE? Well in one case of “payback” this weekend, a hacker social engineered his way into taking over the Xbox LIVE account and the website of Stephen “Stepto” Toulouse, the top cop and ultimate banhammer for Xbox LIVE. According to RipTen, Stepto “doesn’t have as much control and power over the infamous ban-hammer as he would like.”

Stepto is the Director of Policy and Enforcement for Xbox LIVE, banning gamers for things such as playing pirated games and cheating. He will make comedy routines out of gamers’ excuses and of banning people for breaking the rules. After working for Microsoft for over 15 years, Toulsen wrote A Microsoft Life. The video below was when Stepto read from “The Book of Enforcement.” You may chuckle, but most banned gamers probably don’t.

In a 6:21 minute YouTube video (warning – peppered with cursing), the hacker showed that he social engineered Network Solutions to take over email, reset the password, and infiltrated Stepto’s Xbox LIVE account. Then he changed Stepto’s settings to say, “Jacked by Predator.” He claimed to have attempted to contact Stepto on numerous occasions about a weakness in Xbox LIVE’s security, stating, “Stepto, this is for console banning me over 35 times. You had it coming, man.” There are several comments on the video suggesting this wasn’t the smartest course of action and that Stepto may well be pressing charges against Predator soon.

Stepto’s personal blog, stepto.com, was also compromised. Until it was fixed, he warned people not to send email as it was no longer private. The ultimate Xbox LIVE banhammer’s Twitter account recorded some of the events as the tweets below indicate.