GlobalSign confirms one of its servers was compromised

By Lee Kaelin on September 13, 2011, 9:48 AM

The web authentication authority GlobalSign suspended operations last week to investigate claims it had been breached. The company enlisted the services of Dutch security auditors Fox-IT, recently involved in investigating the DigiNotar scandal, and has now confirmed it was the victim of an intrusion.

"At present there is no further evidence of a breach other than the isolated www web server. As an additional precaution, we continue to monitor all activity to all services closely," they said in a statement released on their website.

The authority was quick to point out that the breached webserver has always been isolated from other company infrastructure and used purely to serve the website.

The Iranian individual known only as Comodohacker, who claimed responsibility for the previous attacks on Comodo and DigiNotar, said he had access to another four certificate authority servers in a post on his Pastebin account, citing GlobalSign as one of those four. He didn't comment on the names of the remaining three companies and is yet to provide any evidence proving he had control of GlobalSign's servers.

GlobalSign has started issuing new SSL certificates to customers today, but is continuing its investigation working alongside law enforcement agencies and other certificate authorities to help assist them with potentially related breaches.

The certificate authorities have come under increasing fire this year with several high-profile events, including the recent fiasco we reported on just two weeks ago regarding the now disgraced Dutch certificate authority, DigiNotar.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.