Unpatched server led to GlobalSign breach

Summary:GlobalSign failed to update one of its web servers, which allowed a hacker to access it, and led to the company ceasing operations for more than a week.

GlobalSign was left red-faced after one of its web server was hacked last year. It turns out it was due to a piece of open-source software not being updated, a senior GlobalSign executive told sister site ZDNet UK.

The company ceased issuing certificates, and shut down its operations. GlobalSign said it keeps SSL-certificate issuing infrastructure "separate" from its website --- a common practice --- and reiterated that its operations was secure.

GlobalSign's own website, the site's certificate, and some other public-facing documents were compromised during the hack, but no other servers were breached.

The SSL-website certificate issuing giant tore down and rebuilt its systems after the web server was accessed by a hacker going by the name 'Comodohacker'.

It resumed issuing website certificates a week later and said it has "learned much" from the incident.
An external audit showed that GlobalSign's operations were safe and secure, but its website certificate was taken and could have been used to impersonate the company's website.

GlobalSign's root certificate is disconnected from the Web, and cannot be accessed without a series of stringent security checks. ZDNet UK reports: "a person must retrieve the machine [holding GlobalSign's root certificate] from a locked box, insert a number of smart cards, and type in multiple PINs and access codes."

It came only weeks after DigiNotar, a Dutch certificate authority, which issued SSL certificates for the Dutch government amongst others, was compromised and subsequently went bankrupt. Over 500 certificates were thought to have been stolen. The Dutch government said it could "not [at the time] guarantee the security" of its online services.

Another Dutch issuer, KPN, suspended its operations after a security breach was discovered in November.

Related:

Topics: Browser, Security, Servers, Software Development

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.