GlobalSign to resume issuing website certificates after server breach

Summary:GlobalSign is to resume issuing SSL-website certificates, after the certificate authority said that hackers had breached one of its web servers.

GlobalSign is to resume issuing SSL-website certificates, after the certificate authority said that hackers had breached one of its web servers.

Keen to point out that the certificate authority keeps its SSL-certificate issuing infrastructure separate from its website operations, the company is still investigating whether fake certificates were created.

This is believed to be part of a wider hack, which affected Dutch certificate authority DigiNotar and all of its customers, including the Dutch government.

The fake certificates could not therefore guarantee that the sites that were being accessed, were the intended sites the visitor wanted to access.

In a statement on its website:

"At present there is no further evidence of breach other than the isolated www web server. As an additional precaution, we continue to monitor all activity to all services closely.

We will be bringing system components back on line on Monday during a sequenced startup, but we do not foresee that customers will be able to process orders until Tuesday morning."

It is believed that a hacker, going by the name 'Comodohacker', gained access to not only GlobalSign's certificate issuing service, something the certificate authority denies, but three other companies that issue SSL-certificates.

DigiNotar was accessed and fake certificates were generated, but there is no evidence yet to suggest that GlobalSign was hacked.

GlobalSign responded by ceasing issuing operations pending an investigation.

It is believed that over 500 fake certificates were created by the hacker through DigiNotar, many of which were used in Iran, potentially giving others snooping access on

Google highly recommended that users of Gmail change their passwords, to be on the safe side.

Other major companies and organisations were affected by the fake certificates, including Facebook, Google and Microsoft's Windows Update service. Intelligence services including Britain's MI6, the CIA and Israel's Mossad were also affected.


Topics: Developer, Enterprise Software, Security


Zack Whittaker is a writer-editor for ZDNet, and sister sites CNET and CBS News. He is based in the New York newsroom. His PGP key is: EB6CEEA5.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.