Saturday, September 10, 2011

GlobalSign Says Web Server Was Hacked, But No Signs of CA Breach

Via -

GlobalSign has found evidence that its main Web server was compromised recently, but has not discovered any indications that its certificate authority infrastructure was hacked, contrary to claims by the attacker responsible for the DigiNotar CA hack.

The company, which is one of the larger CAs in the world, has been investigating claims by the Comodohacker that he has penetrated the GlobalSign CA infrastructure. It has retained Fox-IT, the same company that did the forensics of DigiNotar's systems in the wake of its attack, and GlobalSign has suspended its issuance of digital certificates until at least Monday while it finishes the investigation.

However, the company said on Friday that it had not found any direct evidence of a breach of its certificate authority systems.

Today we found evidence of a breach to the web server hosting the www website. The breached web server has always been isolated from all other infrastructure and is used only to serve the website. At present there is no further evidence of breach other than the isolated www web server. As an additional precaution, we continue to monitor all activity to all services closely. The investigation and high threat approach to returning services to normal continues," the GlobalSign statement said.


GlobalSign has said that it plans to bring some of its CA services back online on Monday. The fact that no evidence of a breach has been found so far clearly doesn't rule out the possibility that the attacker did indeed compromise the GlobalSign CA, but just means that the investigation hasn't turned up concrete evidence of an intrusion.

No comments:

Post a Comment