Certificate authority GlobalSign admitted it suffered a web server attack but “did not find any evidence” of rogue certificates being issued, compromised certificates, or exposed customer data.
However, its own website’s SSL certificate and key for www.globalsign.com was “deemed compromised” and revoked.
(Source: Flickr, CC)
The security firm stopped issuing SSL certificates from September 5th–15th after the company discovered that it had been attacked.
A hacker known as “Comodohacker” compromised other certificate authorities including Comodo and DigiNotar.
While its own website and web servers were attacked by the hacker, the statement issued today said that its website was “peripheral” to certificate-issuing operations.
Though its SSL certificate issuing operations were untouched, “additional security precautions were taken”, such as the rebuilding of its certificate infrastructure with new hardware and “hardened images” for all services.
GlobalSign said that it had “learned much” from this incident, acknowledging that the threat landscape has “evolved”, and remains committed to mitigating outages and downtime from future attacks.
The security of the web has been called into question after a series of hacks led to certificates being revoked on a widespread scale, and led to the downfall of one key player in the online security industry.
DigiNotor, a Netherlands-based certificate authority, which issued certificates for the Dutch government, subsequently went bankrupt. The Dutch government at the time warned users of its websites that it “could not guarantee the security” of its online services.
Over 500 certificates were believed to have been stolen, affecting users of Facebook, Twitter, and even Microsoft’s Windows Update service. State intelligence services from Israel’s Mossad, Britain’s MI6, and the United States’ CIA were also left vulnerable to the incident.
Dutch certificate authority KPN suspended its SSL certificate operations after a security breach was discovered last month.
Related:
