A screenshot taken from the hackers Pastebin account
(WEB HOST INDUSTRY REVIEW) — Security firm GlobalSign (www.globalsign.com) has temporarily stopped issuing certificates in response to the DigiNotar hack, according to an announcement by the company on Tuesday. The person responsible for the hacks, Comodohacker, allegedly has access to GlobalSign as well, according to the report.
The hacker didn’t provide any proof that GlobalSign had been compromised, according to the Register, but GlobalSign says it takes this claim “very seriously” and will cease issuance of all certificates until the investigation is done.
On Wednesday, GlobalSign appointed external security investigation firm Fox-IT to assist with the investigations. Fox-IT is the same firm that was hired to investigate the compromise of DigiNotar and found that hackers had issued 531 fake certificates for 344 domains, including Twitter, WordPress and the CIA.
A week ago, Google disabled a rogue SSL certificate issued by Dutch root certificate authority DigiNotar after receiving reports of attempted man-in-the-middle attacks. Other browsers followed suit, and reports have surfaced that suggest the rogue certificates were being used to spy on Iranians’ email communication.
According to a report by Register, the hacker claims to be an Iranian working alone with no connection to the government.
Many reports have applauded GlobalSign for its efforts, especially since it is unsure if it’s been compromised. The Register called the move “bold and decisive” while a report by Naked Security says GlobalSign’s decision “is what we should expect from organizations whose business models rely on trust.”
Despite detecting an intrusion into its CA infrastructure in mid-July, DigiNotar did not acknowledge it until the end of August when Google announced that rogue DigiNotar certificates for Google sites were being used in Iran.
Dutch authorities are investigating DigiNotar for possible negligence.
About Nicole Henderson
Nicole Henderson writes full-time for the Web Host Industry Review where she covers daily news and features online, as well as in print. She has a bachelor of journalism from Ryerson University in Toronto, and has been writing for the WHIR since September 2010. You can find her on Twitter @NicoleHenderson.
No related posts.
