Skip to main content

GlobalSign stops issuing certificates after DigiNotar hacker boast

GlobalSign
Image used with permission by copyright holder

Certificate authority GlobalSign has stopped issuing new security certificates after a hacker who claimed responsibility for last week’s breach of DigiNotar claimed to have access to four more certificate authorities—specifically naming GlobalSign. As a precaution, GlobalSign as temporarily stopped issued new security certificates until it can complete an investigation; the company also announced it has hired Dutch cyber-security firm Fox-IT to assist—Fox-IT just helped out with the investigation of the DigiNotar breach.

“GlobalSign takes this claim very seriously and is currently investigating,” the company wrote.

Recommended Videos

GlobalSign’s move comes after an anonymous post surfaced on Pastebin, claiming to be from the attacker who recently issued several hundred bogus security certificates from DigiNotar (including one for Google). The Pastebin account was the same one used someone claiming to have previously breached the Comodo certificate authority. The attacker has also given interviews, and claims to be a 21 year-old Iranian.

In theory, the bogus certificates could be used to intercept secured communications with a Web site via a man-in-the-middle attack. Both Fox-IT and Trend Micro have noted that a large number of IP addresses connecting to Google and authenticating via DigiNotar after the breach were from Iran.

In the meantime, Dutch telecommunications firm KPN says its Getronics unit is picking up new business from former DigiNotar customers. Major desktop Web browsers have issued updates invalidating all security certificates issued by DigiNotar in order to protect users from possible security threats.

However, smartphone users may still be at risk: no smartphone or mobile OS makers (including Google and Apple) have announced plans to revoke DigiNotar certificates on devices running their operating system. This means those devices are, in theory, still susceptible to man-in-the middle attacks that would enable others to spy on communications. Given that one of the bogus certificates was issued for Google, the threat to Android users could be significant.

Apple, Google, and other smartphone OS makers must work with carriers to get updates to their users, even in the case of serious security issues like the DigiNotar breach.

Geoff Duncan
Former Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Topics
The robot takeover comes another step closer — at Amazon
An Amazon robot working inside one of the company's warehouses.

Amazon is close to having more robots operating inside its warehouses than humans after the e-commerce giant announced this week that it now has more than a million robots working at its facilities around the world.

Over the years, Amazon has spent billions of dollars on the development and deployment of warehouse-based robots, which handle an array of tasks once performed by human workers.

Read more
This Lenovo ThinkPad laptop is over $1,400 off — hurry while stocks last!
The Lenovo ThinkPad T14 Gen 5 Intel laptop on a white background.

Now's an excellent time to take advantage of laptop deals from Lenovo, which has slashed the prices of a wide range of devices for its Black Friday in July sale. Lenovo's ThinkPad laptops are up to 45% off, and here's one of the most interesting offers available with such a discount — the Lenovo ThinkPad T14 Gen 5 at $1,440 off its estimated value of $3,199, so you'll only have to pay $1,759. That's an excellent price for this fantastic productivity tool, but you're going to have to push forward with your purchase as soon as possible because stocks may run out at any moment.

BUY NOW

Read more
Early Prime Day deal: Samsung’s 27-inch Odyssey G3 at its annual low price
Samsung Odyssey G3 gaming monitor on desk with keyboard and headset.

If you're ready to upgrade your monitor, this Samsung deal over at Amazon just might be your best bet. The 27-inch version of Samsung's Odyssey G3 is $130 right now, a full $100 off its regular $230 price and its lowest price of the year. It's a part of early Prime Day deals and a good sampling of what we can expect for the shopping holiday, which officially lands on July 8th. Tap the button below to see it for yourself or keep reading to see why we like this deal and why this should be your next monitor.

Buy Now

Read more