After hacking claims, second firm pulls digital certificates

GlobalSign is no longer issuing digital certificates as it investigates the incident

Digital certificates issued by GlobalSign have come under scrutiny after a hacker's claim that he broke into the company's computer systems. If true, it would be the second such compromise in the past few weeks.

The hacker, known as Comodohacker, said on Monday he had broken into Dutch certificate authority (CA) DigiNotar and that he had access to four other such companies, including GlobalSign, a certificate authority based in Portsmouth, New Hampshire. On Tuesday, GlobalSign said it was investigating the claim and had "decided to temporarily cease issuance of all certificates until the investigation is complete."

"We will post updates as frequently as possible," the company said in a post to its website. "We apologize for any inconvenience."

GlobalSign couldn't immediately be reached for comment, but earlier in the day, Steve Roylance, GlobalSign's business development director, said his company was "taking this very seriously."

Comodohacker, also known as Ich Sun, is the person who earlier this year claimed to have broken into security vendor and certificate issuer Comodo. At the time he said he was a 21-year-old student who had also compromised another certificate authority, but he didn't name his other victim.

Little noticed by most Web surfers, digital certificates are an important part of the Internet's foundations. They help browsers know when they are visiting legitimate websites rather than fakes.

A country that has control over its Internet service providers and has access to fake digital certificates could create a website that would be almost impossible to distinguish from, for example, Gmail.com. That's what some experts think happened in Iran last month.

A forensics report commissioned by DigiNotar found someone had hacked into DigiNotar and set up a fake Google.com site that was used in late July and August to spy on as many as 300,000 Iranians.

Most browsers no longer trust the DigiNotar certificates, but if Comodohacker's claims are true there could be further problems in store.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Tags securitygovernmentGlobalSignDigiNotar

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?