Skip to main content
  1. Home
  2. Computing
  3. Legacy Archives

GlobalSign stops issuing certificates after DigiNotar hacker boast

By
Add as a preferred source on Google
GlobalSign
Image used with permission by copyright holder

Certificate authority GlobalSign has stopped issuing new security certificates after a hacker who claimed responsibility for last week’s breach of DigiNotar claimed to have access to four more certificate authorities—specifically naming GlobalSign. As a precaution, GlobalSign as temporarily stopped issued new security certificates until it can complete an investigation; the company also announced it has hired Dutch cyber-security firm Fox-IT to assist—Fox-IT just helped out with the investigation of the DigiNotar breach.

“GlobalSign takes this claim very seriously and is currently investigating,” the company wrote.

Recommended Videos

GlobalSign’s move comes after an anonymous post surfaced on Pastebin, claiming to be from the attacker who recently issued several hundred bogus security certificates from DigiNotar (including one for Google). The Pastebin account was the same one used someone claiming to have previously breached the Comodo certificate authority. The attacker has also given interviews, and claims to be a 21 year-old Iranian.

In theory, the bogus certificates could be used to intercept secured communications with a Web site via a man-in-the-middle attack. Both Fox-IT and Trend Micro have noted that a large number of IP addresses connecting to Google and authenticating via DigiNotar after the breach were from Iran.

In the meantime, Dutch telecommunications firm KPN says its Getronics unit is picking up new business from former DigiNotar customers. Major desktop Web browsers have issued updates invalidating all security certificates issued by DigiNotar in order to protect users from possible security threats.

However, smartphone users may still be at risk: no smartphone or mobile OS makers (including Google and Apple) have announced plans to revoke DigiNotar certificates on devices running their operating system. This means those devices are, in theory, still susceptible to man-in-the middle attacks that would enable others to spy on communications. Given that one of the bogus certificates was issued for Google, the threat to Android users could be significant.

Apple, Google, and other smartphone OS makers must work with carriers to get updates to their users, even in the case of serious security issues like the DigiNotar breach.

Geoff Duncan
Geoff Duncan
Former Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Topics
A clever Mac app lets you feel vibrations through the trackpad when you click a link or button
This $5 Mac app turns your trackpad into a tiny web radar
HapticPad Mac App

A new Mac app called HapticPad tries to make browsing more tactile. Posted by its developer on Reddit’s r/macapps community, the app uses a Mac’s Force Touch trackpad to trigger a subtle vibration when your cursor hovers over links, buttons, and input fields in the browser. So you can quite literally "feel" parts of a web page before you click them. It is a small idea, but it has the kind of obvious-in-hindsight cleverness that makes you wonder why macOS does not already do this.

So how does this work?

Read more
ChatGPT and Gemini could be quietly affecting your voting decisions, analysis shows
Your AI chatbot also has a political lean
AI Apps installed on iPhone Gemini DeepSeek Claude ChatGPT Auren

It's already pretty common to ask AI chatbots for help with emails, homework, travel plans, and so much more. So it was only a matter of time before politics entered the chat. A new analysis from The Washington Post suggests that major AI chatbots may not be as politically neutral as they often sound. The Post tested models behind OpenAI’s ChatGPT, Google’s Gemini, Anthropic’s Claude, DeepSeek, xAI’s Grok, and Gab’s Arya using a set of political questions designed to measure how chatbots handle hot-button issues.

According to the Post, OpenAI’s model gave one-sided left-leaning answers in 80% of responses, while Google’s Gemini mostly took a both-sides approach, giving left- and right-leaning arguments in more than 90% of its answers.

Read more
Gemini in Chrome can now see exactly what you’re looking at on screen
Google's new "Select from screen" tool makes it easier to ask Gemini questions about text and images in a browser tab.
Google Chrome Gemini Featured

Google is making Gemini a lot more aware of what's happening inside Chrome. The company has started rolling out a new "Select from screen" feature that lets users highlight specific text or images from a webpage and send them directly to Gemini, making conversations with the AI assistant far more contextual.

Gemini can now focus on exactly what users want to ask about

Read more