CERTIFICATION AUTHORITY Globalsign has admitted that it was the target of a recent attack, but added that its systems and certificates were not compromised.
The threat of exposure followed the efforts of the Comodohacker, who in early September hacked certificate authority Diginotar and issued bogus certificates as a result. At the time it was suggested that Globalsign had also been affected, but if it was, apparently it was not severely affected.
In a security incident report just released by the firm, it said that despite earlier suggestions it had found no evidence of any rogue certificates having been issued, that no customer data was exposed, and that no harm was done to its infrastructure or systems.
It did confirm that a peripheral web server, which is not part of its certificate issuance infrastructure and hosted a public facing web property, had been breached, however. This means that some data could have been exposed, including publicly available HTML pages, publicly available PDFs, and the SSL certificate and keys issued to www.globalsign.com. According to its statement these were deemed compromised and revoked.
Globalsign said that it responded to the threat with an immediate, strong response, including nine days of service disruption when it stopped issuing certificates.
"The self-titled attacker 'Comodohacker' has been assumed to be a credible threat to security providers," said the firm in its disclosure about the hacking.
"The same post also stated that several other CAs had been compromised, including a reference to GlobalSign. GlobalSign deemed the threat credible and immediately began a thorough network analysis, assuming a highly sophisticated attack had been executed on, or was in process against, multiple Certificate Authorities. GlobalSign deemed the most responsible reaction was to halt issuance of new Certificates."
Globalsign worked with Fox-IT, the company that raised awareness about the security threat, in resolving the issue and resuming its services. µ
Home, Home on the strange
Team Red is prepping Navi for the budget GPU arena
Early-adopters beta be careful
China back in your hands