Skip to main content

GlobalSign stops issuing certificates after DigiNotar hacker boast

GlobalSign
Image used with permission by copyright holder

Certificate authority GlobalSign has stopped issuing new security certificates after a hacker who claimed responsibility for last week’s breach of DigiNotar claimed to have access to four more certificate authorities—specifically naming GlobalSign. As a precaution, GlobalSign as temporarily stopped issued new security certificates until it can complete an investigation; the company also announced it has hired Dutch cyber-security firm Fox-IT to assist—Fox-IT just helped out with the investigation of the DigiNotar breach.

“GlobalSign takes this claim very seriously and is currently investigating,” the company wrote.

GlobalSign’s move comes after an anonymous post surfaced on Pastebin, claiming to be from the attacker who recently issued several hundred bogus security certificates from DigiNotar (including one for Google). The Pastebin account was the same one used someone claiming to have previously breached the Comodo certificate authority. The attacker has also given interviews, and claims to be a 21 year-old Iranian.

In theory, the bogus certificates could be used to intercept secured communications with a Web site via a man-in-the-middle attack. Both Fox-IT and Trend Micro have noted that a large number of IP addresses connecting to Google and authenticating via DigiNotar after the breach were from Iran.

In the meantime, Dutch telecommunications firm KPN says its Getronics unit is picking up new business from former DigiNotar customers. Major desktop Web browsers have issued updates invalidating all security certificates issued by DigiNotar in order to protect users from possible security threats.

However, smartphone users may still be at risk: no smartphone or mobile OS makers (including Google and Apple) have announced plans to revoke DigiNotar certificates on devices running their operating system. This means those devices are, in theory, still susceptible to man-in-the middle attacks that would enable others to spy on communications. Given that one of the bogus certificates was issued for Google, the threat to Android users could be significant.

Apple, Google, and other smartphone OS makers must work with carriers to get updates to their users, even in the case of serious security issues like the DigiNotar breach.

Topics
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
You can restart a laptop with just a keyboard. Here are the two ways
Close up of a person's hands as they type on a laptop's keyboard.

Restarting your laptop with just a keyboard can be super handy if the touchpad goes haywire or your mouse is playing up. With just a few keys, you can reboot your laptop quickly and easily, getting it back working again properly in no time. If it still doesn't work after that, better check our our common Windows 11 problems guide.

Here's how to restart your laptop with the keyboard.

Read more
The biggest question about Intel’s Lunar Lake CPUs was just answered
Intel announcing its Lunar Lake CPUs.

Although we know all of the details about Intel's Lunar Lake architecture, the processors themselves have been shrouded in mystery. Now, we have our first taste of what these processors could look like, including a critical spec that Intel has kept under wraps: power draw.

Specs for the full lineup of Lunar Lake CPUs were shared by VideoCardz citing its own sources. As usual, it's important to handle these specs with a healthy dose of skepticism. According to the outlet, Intel is set to share more about the CPUs in the coming weeks, so it shouldn't be long until we have confirmed specs.

Read more
How to use ChatGPT to analyze PDFs
The chatGPT chat screen with an uploaded image, on an Acer, on a bench, on a deck.

Thanks to its advanced vision capabilities, ChatGPT can provide you with in-depth analysis and summarization of images and documents alike. This can be especially handy when you have a research paper or legal documents spanning dozens of pdf pages. Why go through all that trouble to parse them yourself when you can simply have ChatGPT do it for you? In this guide, you'll see just how easy it is to upload PDFs to ChatGPT.

Read more