Date:08/09/11
Belgian security firm GlobalSign has temporarily stopped issuing authentication certificates for secure websites. It comes after an anonymous hacker claimed to have gained access to the company's servers.
If confirmed, it would be the second security breach at a European certificate authority in two months.Hundreds of bogus DigiNotar authentications were issued following an intrusion into its systems.
Certificate authorities (CAs) are companies or public bodies whose job is to confirm that secure websites are genuine.
When computers connect to a site with TLS or SSL authentication, a certificate is issued which verifies the site's identity to the web browser.
Fake certificates could allow someone to spy on a user's activity. GlobalSign took action as the result of a posting which appeared on the online notice board Pastebin.
The author, who identified themselves only as "ComodoHacker", claimed to have gained access to four certificate authorities, in addition to DigiNotar.
Only GlobalSign is named, although the message points out that an attack on StartCom was foiled by its boss Eddy Nigg. ComodoHacker also refers to an attack on US certificate authority Comodo, which was targeted in March.
As a precaution, GlobalSign said it was temporarily ceasing the issuance of all certificates while it investigated the claims. The hacker also played down suggestions that the attacks were the work of Iranian authorities.
"I'm single person, do not AGAIN try to make an ARMY out of me in Iran. If someone in Iran used certs I have generated, I'm not one who should explain," said the posting.
It had been suggested that, because many of the bogus DigiNotar certificates were issued to users in Iran, that authorities in there may have initiated the CA hack as a tool for spying on dissidents.
A report on the DigiNotar attack said that up to 300,000 Iranians may have had their Gmail accounts monitored as a result of a fake Google certificate being created.
GlobalSign stops secure certificates after hack claim
Belgian security firm GlobalSign has temporarily stopped issuing authentication certificates for secure websites. It comes after an anonymous hacker claimed to have gained access to the company's servers. If confirmed, it would be the second security breach at a European certificate authority in two months.Hundreds of bogus DigiNotar authentications were issued following an intrusion into its systems.
Certificate authorities (CAs) are companies or public bodies whose job is to confirm that secure websites are genuine.
When computers connect to a site with TLS or SSL authentication, a certificate is issued which verifies the site's identity to the web browser.
Fake certificates could allow someone to spy on a user's activity. GlobalSign took action as the result of a posting which appeared on the online notice board Pastebin.
The author, who identified themselves only as "ComodoHacker", claimed to have gained access to four certificate authorities, in addition to DigiNotar.
Only GlobalSign is named, although the message points out that an attack on StartCom was foiled by its boss Eddy Nigg. ComodoHacker also refers to an attack on US certificate authority Comodo, which was targeted in March.
As a precaution, GlobalSign said it was temporarily ceasing the issuance of all certificates while it investigated the claims. The hacker also played down suggestions that the attacks were the work of Iranian authorities.
"I'm single person, do not AGAIN try to make an ARMY out of me in Iran. If someone in Iran used certs I have generated, I'm not one who should explain," said the posting.
It had been suggested that, because many of the bogus DigiNotar certificates were issued to users in Iran, that authorities in there may have initiated the CA hack as a tool for spying on dissidents.
A report on the DigiNotar attack said that up to 300,000 Iranians may have had their Gmail accounts monitored as a result of a fake Google certificate being created.
Views: 910
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
