
GlobalSign stops issuing certificates after DigiNotar hacker boast

Certificate authority GlobalSign has stopped issuing new security certificates after a hacker who claimed responsibility for last week’s breach of DigiNotar claimed to have access to four more certificate authorities, specifically naming GlobalSign. As a precaution, GlobalSign has temporarily stopped issuing new security certificates until it can complete an investigation; the company also announced it has hired Dutch cyber-security firm Fox-IT to assist. Fox-IT just helped out with the investigation of the DigiNotar breach.

“GlobalSign takes this claim very seriously and is currently investigating,” the company wrote.

GlobalSign’s move comes after an anonymous post surfaced on Pastebin, claiming to be from the attacker who recently issued several hundred bogus security certificates from DigiNotar (including one for Google). The Pastebin account was the same one used by someone claiming to have previously breached the Comodo certificate authority. The attacker has also given interviews, and claims to be a 21-year-old Iranian.

In theory, the bogus certificates could be used to intercept secured communications with a Web site via a man-in-the-middle attack. Both Fox-IT and Trend Micro have noted that a large number of IP addresses connecting to Google and authenticating via DigiNotar after the breach were from Iran.

In the meantime, Dutch telecommunications firm KPN says its Getronics unit is picking up new business from former DigiNotar customers. Major desktop Web browsers have issued updates invalidating all security certificates issued by DigiNotar in order to protect users from possible security threats.

However, smartphone users may still be at risk: no smartphone or mobile OS makers (including Google and Apple) have announced plans to revoke DigiNotar certificates on devices running their operating systems. This means those devices are, in theory, still susceptible to man-in-the-middle attacks that would enable others to spy on communications. Given that one of the bogus certificates was issued for Google, the threat to Android users could be significant.

Apple, Google, and other smartphone OS makers must work with carriers to get updates to their users, even in the case of serious security issues like the DigiNotar breach.

Geoff Duncan
Former Contributor