Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 8 MINUTES AGO.
You are here: Home / Cybercrime / GlobalSign Halts New SSL Certificates
GlobalSign Stops Issuing Security Certificates Pending Probe
GlobalSign Stops Issuing Security Certificates Pending Probe
By Barry Levine / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
SEPTEMBER
07
2011
A leading security certificate authority, GlobalSign, has announced it will stop issuing new certificates pending an investigation into security threats. The action comes following an earlier announcement that a hacker or group of hackers had compromised several issuers of certificates.

The hacker, who calls himself Ichsun and who is known as the Comodo Hacker for a March security break-in to that company, has posted messages about other security breaches on Pastebin, a site where programmers can store and share pieces of source code or configuration text. Comodo Hacker claims responsibility for an online break-in in July to the Dutch certificate authority, DigiNotar.

More Severe Than Expected

DigiNotar fraudulent certificates had been issued to Google, the CIA, Facebook, Microsoft, Twitter, WordPress, and Israel's intelligence agency, Mossad. The hacker Monday named four other high-profile certificate authorities that he claimed also had been breached, with GlobalSign listed as No. 4. GlobalSign is considered to be the fifth-largest issuer of online security certificates.

"GlobalSign takes this claim very seriously and is currently investigating," the company said in a statement. GlobalSign has brought in Fox-IT, a Dutch cybersecurity firm, to assist the company with the investigation.

Last week, following reports of fraudulent secure sockets layer (SSL) certificates from DigiNotar, the Dutch government took control of that certificate authority and employed Fox-IT to begin an investigation.

On Monday, Fox-IT said in a preliminary report that the breach at DigiNotar was more severe than had been originally expected. Stolen certificates, it said, could have been used for some time to spy on visitors to popular sites, as DigiNotar was compromised for more than a month.

The DigiNotar breach follows the March break-in to Comodo, whose slogan is "creating trust online" and which provides authentication for individuals, businesses, and websites, including SSL certificates. Comodo Hacker apparently found that a dynamic-link library file, or DLL, used in the submission of certificate signing requests, or CSRs, enabled him to issue fake CSRs that appeared to have been submitted by Comodo.

'Experience of 1,000 Hackers'

Comodo Hacker has said he was Iranian, although he claimed no connection with a group called the Iranian Cyber Army.

"I'm not a group," he said in one posting, but instead is a "single hacker with experience of 1,000 hackers."

Security blogger Chester Wisniewski, a senior security adviser at Sophos Canada, asked on his blog why, if the Comodo Hacker is an individual not aligned with the regime in Iran, he would "issue certificates for these specific websites all related to secure communication methods often used by dissidents to organize protests and share news with the world"?

Earlier this week, a Fox-IT preliminary report indicated that virtually all the attacks on DigiNotar originated in Iran, and there has been suspicion that this was part of an effort by that country's government to spy on Iranian dissidents who communicate through the Internet. Fake online security certificates can be used to intercept and read encrypted web traffic, such as emails, banking and log-ins.

Wisniewski praised GlobalSign's action, noting that the claims by Comodo Hacker of other break-ins could be false.

"Yet," he wrote, "they could be true, and rather than put the greater Internet community at risk, GlobalSign is foregoing some revenue out of an abundance of caution."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN CYBERCRIME

NETWORK SECURITY SPOTLIGHT
A security researcher has found that hundreds of different models of HP notebooks, tablets, and other devices include a keylogger that could track and record every keystroke a user makes.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.