
GlobalSign claims breach did not compromise SSL certificates
Certificate authority escapes same fate as DigiNotar
SSL certificate authority GlobalSign has admitted that its web site's SSL certificate and key were compromised during a September security breach, but claimed that no customer data was exposed and no rogue certificates were issued.
The Belgian security firm was forced to stop issuing certificates from 6 to 15 September after suspecting that it may have fallen victim to the 'Comodo hacker' who compromised certificate authorities including DigiNotar and Comodo.
GlobalSign said in a statement on its web site that a web server hosting globalsign.com was breached on 9 September but that it was "peripheral" to the certificate issuance infrastructure.
"The www.globalsign.com domain is used only for the externally facing North American web sites and runs no web applications capable of requesting or issuing certificates nor does it hold any customer data," the firm said.
"The breached web server was immediately locked down and subsequently rebuilt with a new disk and hardened system image."
The security of the web has been called into question in recent months after a string of certificate authorities were breached.
SSL certificates were originally designed to validate the authenticity of web sites, but if cyber criminals manage to breach the defences of certificate authorities and issue fake SSL certs, they can effectively create web pages masquerading as real ones.
GlobalSign will be pleased it escaped the fate of DigiNotar, the Dutch certificate authority which was declared bankrupt after a breach of its systems led to the issuing of fake certificates.
V3 Latest
BT plan to close down conventional fixed-line phone network by 2025 and go all-IP
BT wants to make the public switched telephone network history within eight years
Facebook Login hijacked by hidden web trackers, claim security researchers
Personal data being purloined by third parties via Facebook Login API
Apple: we've no plans to merger iOS and MacOS
MacOS and iOS are better off apart, says CEO Tim Cook
Oracle: Java SE 8 business users must buy a licence from January next year
Or they'll no longer be entitled to updates and bug patches