After hacking claims, second firm pulls digital certificates
GlobalSign is no longer issuing digital certificates as it investigates the incident
IDG News Service - Digital certificates issued by GlobalSign have come under scrutiny after a hacker's claim that he broke into the company's computer systems. If true, it would be the second such compromise in the past few weeks.
The hacker, known as Comodohacker, said on Monday he had broken into Dutch certificate authority (CA) DigiNotar and that he had access to four other such companies, including GlobalSign, a certificate authority based in Portsmouth, New Hampshire. On Tuesday, GlobalSign said it was investigating the claim and had "decided to temporarily cease issuance of all certificates until the investigation is complete."
"We will post updates as frequently as possible," the company said in a post to its website. "We apologize for any inconvenience."
GlobalSign couldn't immediately be reached for comment, but earlier in the day, Steve Roylance, GlobalSign's business development director, said his company was "taking this very seriously."
Comodohacker, also known as Ich Sun, is the person who earlier this year claimed to have broken into security vendor and certificate issuer Comodo. At the time he said he was a 21-year-old student who had also compromised another certificate authority, but he didn't name his other victim.
Little noticed by most Web surfers, digital certificates are an important part of the Internet's foundations. They help browsers know when they are visiting legitimate websites rather than fakes.
A country that has control over its Internet service providers and has access to fake digital certificates could create a website that would be almost impossible to distinguish from, for example, Gmail.com. That's what some experts think happened in Iran last month.
A forensics report commissioned by DigiNotar found someone had hacked into DigiNotar and set up a fake Google.com site that was used in late July and August to spy on as many as 300,000 Iranians.
Most browsers no longer trust the DigiNotar certificates, but if Comodohacker's claims are true there could be further problems in store.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts