In a post on his Pastebin account, Comodohacker says he has access to their entire server
(WEB HOST INDUSTRY REVIEW) — Despite finding evidence of a breach to its website, certificate authority GlobalSign (www.globalsign.com) started to bring system components back online Monday. GlobalSign says customers should be able to process orders beginning Tuesday morning, according to a press release.
GlobalSign stopped issuing certificates last Tuesday after a hacker named the company as one of the CAs it had access to after the DigiNotar breach. The same hacker that attacked Comodo earlier this year claimed responsibility for the DigiNotar attack that let 531 certificates into the wild.
Many reports called GlobalSign’s move bold, especially since it had no concrete evidence at the time, and took its services offline as more of a precautionary measure. GlobalSign appointed Dutch security firm Fox-IT to assist with the investigations. (Fox-IT was commissioned by the Dutch government in the initial DigiNotar investigation).
On Friday, Sept. 9, GlobalSign said it found evidence of a breach to the server hosting its website. However, since the server “has always been isolated from all other infrastructure” and is only used to serve its website, GlobalSign decided to go ahead with its plans of restoring services on Monday.
“At present there is no further evidence of breach other than the isolated www web server. As an additional precaution, we continue to monitor all activity to all services closely. The investigation and high threat approach to returning services to normal continues,” GlobalSign said in a statement on Friday.
Over the weekend, GlobalSign apologized for the delay and said it was working with Cyber Defense Institute Japan as part of the reactivation process.
While GlobalSign took immediate and extreme action, Symantec told its customers on Wednesday that it would continue business as usual after “exhaustive audits” of the network determined the systems were not affected by the DigiNotar breach. However, Symantec said it would update customers if any issues came up.
Browsers began disabling DigiNotar certificates at the end of August after Google found man-in-the-middle attacks intercepting Iran Gmail accounts.
About Nicole Henderson
Nicole Henderson writes full-time for the Web Host Industry Review where she covers daily news and features online, as well as in print. She has a bachelor of journalism from Ryerson University in Toronto, and has been writing for the WHIR since September 2010. You can find her on Twitter @NicoleHenderson.
No related posts.
