GlobalSign Says No New Certificates, Pending Investigation

Published: 22/11/2024   Category: security




Move follows GlobalSign breach by Comodo hacker. Microsoft treats all DigiNotar certificates as untrusted, but downplays a related Windows malware threat.



After boasts by the Comodo hacker that he'd compromised GlobalSign, the certificate authority (CA) on Tuesday announced that it would temporarily cease issuing any new certificates.
"GlobalSign takes this claim very seriously and is currently investigating," according to a statement released by the company, which is the fifth-largest CA. "As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible."
Security experts praised the company's move. "It's possible the accusations are simply from an anonymous raving lunatic. Yet they could be true, and rather than put the greater Internet community at risk, GlobalSign is forgoing some revenue out of an abundance of caution," said Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post.
GlobalSign's actions were triggered by boasts posted to Pastebin on Monday by Comodohacker, saying that he'd exploited not only Dutch certificate authority DigiNotar, but also four more certificate authorities, including GlobalSign.
On Tuesday, another post from Comodohacker noted that his attack against the StartCom Certification Authority, based in Israel, had been blocked by the company, even though he'd gained access to a hardware security module (HSM). "I already connected to their HSM, got access to their HSM, sent my request, but lucky Eddy (CEO) was sitting behind HSM and was doing manual verification."
Commenting on the matter in a post to Twitter, StartCom's COO and CTO, Eddy Nigg, said, "Security should always be designed on the assumption that a breach will occur."
Security at DigiNotar, which was bought by Chicago-based Vasco in 2010, apparently wasn't as robust. According to a report from Fox-IT--which was commissioned by the Dutch government to investigate the exploit of DigiNotar--the first known-bad certificate, for Google.com, was created by attackers on July 10, 2011. Between July 19 and July 29, DigiNotar began discovering bad certificates during routine security operations, and blocking them.
But the attack didn't come to light until August 27, when a user in Iran reported on a Google forum that his Google Chrome browser said that something was wrong with his Google certificate. All told, at least 531 bad certificates were issued.
Comodohacker said the attack against DigiNotar was payback for the Srebrenica massacre. He also suggested that he wasn't operating under the auspices of Iranian authorities. "I'm single person, do not AGAIN try to make an ARMY out of me in Iran. If someone in Iran used certs I have generated, I'm not one who should explain," he said.
The DigiNotar hack has already had wide-ranging repercussions for the 9 million Dutch citizens--in a country with a population of 17 million--that use DigiD, a government website for accessing services, such as paying taxes. According to news reports, the country's lawyers have been forced to switch to fax and mail, to handle many activities that were supported by an intranet. The Netherlands has also indefinitely extended the country's tax deadline.
According to the Fox-IT audit, the hacker or hackers who compromised DigiNotar knew what they were doing. They used known hacker tools as well as software and scripts developed specifically for this task. Some of the software gives an amateurish impression, while some scripts, on the other hand, are very advanced. In at least one script, fingerprints from the hacker are left on purpose, which were also found in the Comodo breach investigation of March, 2011. Parts of the log files, which would reveal more about the creation of the signatures, have been deleted.
In the wake of the exploit of DigiNotar, on Tuesday, Microsoft released a security advisory announcing that it was treating all DigiNotar certificates as untrusted. It also downplayed reports that fake digital certificates, for example for Windows Update, could be used to install malicious software on targeted PCs.
But Comodohacker suggested otherwise. "I'm able to issue windows update, Microsoft's statement about Windows Update and that I can't issue such update is totally false!" he said. "I already reversed ENTIRE windows update protocol, how it reads XMLs via SSL which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API."