GlobalSign was left red-faced after one of its web servers was hacked last year. It turns out the breach was due to a piece of open-source software not being updated, a senior GlobalSign executive told sister site ZDNet UK.
The company temporarily ceased issuing certificates and shut down its operations. GlobalSign said it keeps its SSL-certificate issuing infrastructure "separate" from its website, a common practice, and reiterated that its operations were secure.
GlobalSign's own website, the site's certificate, and some other public-facing documents were compromised during the hack, but no other servers were breached.
The SSL certificate issuer tore down and rebuilt its systems after the web server was accessed by a hacker going by the name 'Comodohacker'.
GlobalSign's root certificate is disconnected from the Web, and cannot be accessed without a series of stringent security checks. ZDNet UK reports: "a person must retrieve the machine [holding GlobalSign's root certificate] from a locked box, insert a number of smart cards, and type in multiple PINs and access codes."
It came only weeks after DigiNotar, a Dutch certificate authority that issued SSL certificates for the Dutch government among others, was compromised and subsequently went bankrupt. Over 500 fraudulent certificates were thought to have been issued from its systems. The Dutch government said it could "not [at the time] guarantee the security" of its online services.
Another Dutch issuer, KPN, suspended its operations after a security breach was discovered in November.
- ZDNet UK: GlobalSign breach was down to unpatched system
- GlobalSign to resume issuing website certificates after server breach
- Facebook, Google, CIA, MI6 targeted in Dutch government certificate hack
- Google, Mozilla and Microsoft ban the DigiNotar Certificate Authority in their browsers
- Google warns Iranian users of possible security breach
- Fake SSL certificates pirate Web sites