arglebargle_xiv writes At the risk of burning people on the topic of PKI fail, someone claiming to be the pirate Diginotar came to claim responsibility: the pirate ComodoGate 0wn He also claims four more ‘high – Profile KT. and still has the ability to issue new certificates thugs, presumably from other CA 0wns it. What this statement is true or not, which leads to the violation in the first place? Dr player points to the interim report commissioned by the Dutch government (PDF) that a) No antivirus software was present on servers Diginotar a, b) the most critical servers had malware infections c) The software on the public web server has been exceeded and unpatched, and d) all the servers were accessible by a user / password, which was not very strong and could easily be brute-force.