Skip to main content

GlobalSign stops issuing certificates after DigiNotar hacker boast

GlobalSign

Certificate authority GlobalSign has stopped issuing new security certificates after a hacker who claimed responsibility for last week’s breach of DigiNotar claimed to have access to four more certificate authorities—specifically naming GlobalSign. As a precaution, GlobalSign as temporarily stopped issued new security certificates until it can complete an investigation; the company also announced it has hired Dutch cyber-security firm Fox-IT to assist—Fox-IT just helped out with the investigation of the DigiNotar breach.

“GlobalSign takes this claim very seriously and is currently investigating,” the company wrote.

Related Videos

GlobalSign’s move comes after an anonymous post surfaced on Pastebin, claiming to be from the attacker who recently issued several hundred bogus security certificates from DigiNotar (including one for Google). The Pastebin account was the same one used someone claiming to have previously breached the Comodo certificate authority. The attacker has also given interviews, and claims to be a 21 year-old Iranian.

In theory, the bogus certificates could be used to intercept secured communications with a Web site via a man-in-the-middle attack. Both Fox-IT and Trend Micro have noted that a large number of IP addresses connecting to Google and authenticating via DigiNotar after the breach were from Iran.

In the meantime, Dutch telecommunications firm KPN says its Getronics unit is picking up new business from former DigiNotar customers. Major desktop Web browsers have issued updates invalidating all security certificates issued by DigiNotar in order to protect users from possible security threats.

However, smartphone users may still be at risk: no smartphone or mobile OS makers (including Google and Apple) have announced plans to revoke DigiNotar certificates on devices running their operating system. This means those devices are, in theory, still susceptible to man-in-the middle attacks that would enable others to spy on communications. Given that one of the bogus certificates was issued for Google, the threat to Android users could be significant.

Apple, Google, and other smartphone OS makers must work with carriers to get updates to their users, even in the case of serious security issues like the DigiNotar breach.

Editors' Recommendations

Topics
Windows 10 Home vs. Pro vs. S mode: What’s the difference?
dell xps 15 2 in 1 review version 1522861390 front display

Windows 10 still holds its own, despite Windows 11 being worth the upgrade. It has many of the same features as its younger sibling, and with some applications, it still performs better. But if you plan to install Windows 10 on a new computer, you'll need to pick from one of the many options of Windows 10 to install.

Should you install Windows 10 Home? Windows 10 Pro? What about S Mode? In this guide to Windows 10, we'll break down the most popular versions and why one or the other might be best for you.
Windows 10 Home vs. Pro vs. S mode features
It can be challenging to work through all the Windows 10 versions to decide which one is right for your needs. All three mainstream versions are on this list and should give you the best choices for general computing or school. 

Read more
The most common Zoom problems and how to fix them
zoom privacy feature freeze active users meeting office

Is Zoom giving you problems and you can't seem to fix them? Video conferencing software is more popular than ever, with thousands of companies turning to teleworking to keep their employees in the loop. Zoom and other online meeting tools make that easier than ever, but as with any other software, issues will arise, and they disrupt or even prevent good video calls.

Fortunately, while there are Zoom service outages you can't do much about, you often can fix typical problems yourself. To help get your Zoom calls working properly, we’ve collected the most common Zoom problems users face and have provided easy solutions to be able to fix them.

Read more
The best Mac apps for 2023: top software for your Mac
macos mojave hands on review app store

One of the best parts about owning an Apple computer is the massive ecosystem of superb Mac apps it gives you access to. There are apps available to Mac users no matter what you are looking for, whether that's productivity, photo and video editors, security suites, and more. You can get them from Apple's own App Store or from third-party developer websites, and many of the best Mac apps are even free.

Whether you just bought your first Mac or you're a longtime Apple customer, here's a look at some of the best Mac apps you can get.
Mac apps to change your interface

Read more