Earlier this month, Dutch certificate authority DigiNotar was breached, resulting in the creation of hundreds of false certificates. Some of these were used by rogue entities in Iran, prompting major browser vendors to act to protect their users.
An anonymous post from "ComodoHacker" claimed to have breached four certificate authorities, naming GlobalSign. In response, GlobalSign temporarily ceased issuance of all Certificates while it carried out an investigation. It brought in help from Fox IT, a security firm that investigated the DigiNotar hack.
While GlobalSign did find evidence of an attack on one of its web servers, it found no hard evidence that its systems had been compromised. It said it would resume issuing Certificates on Tuesday.
Hundreds of certificate authorities around the world provide certificates to web services, verifying that they are legitimate and are what they appear to be. They are used to provide secure access, mainly through SSl, to privacy-conscious users.
Written by: James Delahunty @ 13 Sep 2011 2:19
