Certificate authority (CA) GlobalSign confirmed that there has been security breach that affected one of its web servers.
Following a rather blunt announcement by ComodoHacker, who claims to be responsible for the DigiNotar hack, GlobalSign said that there was a break-in in the webserver that hosts its website. The company said that it has found no evidence that other servers have been breached as well.
"As an additional precaution, we continue to monitor all activity to all services closely. The investigation and high threat approach to returning services to normal continues," the company said. "All forensics are being shared with the authorities and other CAs to assist with their own investigations into other potentially related attacks." GlobalSign that "system components" were taken offline, but started to come back online with the help of Cyber Defense Institute Japan on Monday.
All CAs have recently come under significant pressure as browser manufacturers are expecting them to tighten their security. Mozilla, for example, threatened CAs with a potential removal from Firefox, if they do not meet certain security criteria. Meanwhile, Comodohacker is given interviews and is announcing possible further intrusions.
- Microsoft Garage Has A Mouse Without Borders
- WD Brings Personal Cloud to Smartphones, Tablets
- Logitech Intros Wireless Touchpad for PCs
- ORNL Discovers New Material for Fast-charging Batteries
- Report: Nintendo Struggling with Wii U Development
- Europe, Australia Getting White PS3 in November
- Report: HTC Considering Purchasing an OS
- GameStop Now Testing Its Android Gaming Tablet
- Amazon Considering a Book Rental Library Service
- Nintendo Announces Pink 3DS for December 10
- Play Super Mario on a Cardboard Box Console
- Symantec's Norton One Will Protect All Your Devices
- Nintendo 3DS Slide-pad Official; 3DS Gets Video Capture
- mHotspot Can Create a Chain of Access Points
- Walkman Z Series Features Tegra 2, Gingerbread
- A Hybrid PS3 Controller With Built-In Qwerty Keyboard
- 3D Printers Can Print Blood Vessels
- Chrome Tops 25% Market Share for the First Time
- Diablo 3 Combat Will Be Lag-Free; PayPal Supported
Boy... that is serious...
wow i'm just shocked.
How would one even do that.
What did the hacker do after breaching the webserver?
It's one thing to break in, it's another to not get caught. If the proper authorities want to find him, anyone for that matter, they will. Hope this idiot doesn't think he can just waltz in.
What is CA?
Certificate of Authority, used for SSL connections so people can log into their bank, buy stuff online, etc. Breaking into a CA can threaten all SSL connections that use that CA which is why this is serious.
The real bad guys don't talk about their hacks, they just profit off of them. The hackers that talk about their exploits are the ones that deserve a thank you.
So! They finally admitted that it has happened. I read the earlier news article on toms hardware.
Shut down the electricity and all the world will be fine again!!!
What did the hacker do after breaching the webserver?
When you breach into a whole you get to have an orgasm after that???
...........
...yes. That's exactly what happens.
feelsgoodman.png
@aftcomet: Problem is, all indication are that the hacker is in Iran, doing work that supports the government there. The chance that the relevant "authorities" would even want to stop him is... Zero.
Globalsign's own website posted press releases beginning from Sept 9 about the breach. They did mention that root certificates are completely kept offline, and this breach affected only the isolated web server that hosts the site. I take it that any potential problems would be more contained and not a Sony buy one get 2 free.
@aftcomet: Problem is, all indication are that the hacker is in Iran, doing work that supports the government there. The chance that the relevant "authorities" would even want to stop him is... Zero.
hackers are full of disinformation. don't trust what they say about their name and location. It's more often than not an effort through people off the scent. It could be anyone from a single iranian hacker to a NSA run officially denied pen testing team making sure sites important to US commerce and finace are locked down tight. I can't believe an iranian hacker with possible animosity to the west, a heavily monitored internet and relatively poor finacial outlook ( compared to what he could steal if he kept his mouth shut and went black hat ) would do this on his own. when you consider the generally poorer levels of education and the higher cost of computers to levels of income it looks unlikely. saying that they might have some use as diplomatic bargaining chip.
when it comes to hackers identity disinformation is the norm. it just makes more sense that way.
saying that if he is genuinely in iran there is little chance of getting him ( assuming it is a him ).