October 20, 2014

GlobalSign Temporarily Halt Issuing Digital Certificates

(LiveHacking.Com) – GlobalSign, the world’s fifth largest certificate issuer, has temporarily halted the issuance of all digital certificates following a claim that the same hacker responsible for the recent DigiNotar hack has access to four other Certificate Authorities, and named GlobalSign as one of them.

A statement on the GlobalSign web site reads:

GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible.

We apologize for any inconvenience.

This is a wise move by GlobalSign and it seems it doesn’t want to repeat the same mistakes that DigiNotar made. One of the reasons DigiNotar losts its trust status was because of its failure to notify companies like Mozilla that fraudulent certificates were issued for its domains. The cost of its attempt to hide the security breach was that it effectively went out of business.

The hacker also claimed in his posting that:

I have around 300 code signing certificates and a lot of SSL certs with again code signing permission, look at Google’s cert, I have code signing privilege! You see?

The hacker also says that he has targeted DigiNotar for a specific reason:

Dutch government is paying what they did 16 years ago about Srebrenica…

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks