View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 16, 2011

Globalsign brings back service in ‘controlled way’

A Web server has been compromised, admits company

By CBR Staff Writer

Web authentication authority GlobalSign is bringing customers back online, but has apologised that some customers could face delays.

Earlier this week, the company discovered that one of its servers has been compromised.

The company said on its Incident Response webpage, "We are now bringing customers back online in a controlled way, we appreciate the patience as we work through the account reactivation and order backlog. We apologise, but there will be some delays returning some specific services to normal operation."

GlobalSign has been working with Cyber Defense Institute Japan as part of the reactivation process, after it become the second company to halt issuing SSL certificates or certificates guaranteeing the security of websites, after an anonymous hacker claimed to have breached its security.

Recently, it was revealed that Dutch company DigiNotar had its certificates stolen by hackers.

GlobalSign, the Belgium-based subsidiary of Japan’s GMO Internet, had said earlier that it has found eveidence of a security breach.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

It said on 9 September, "Today we found evidence of a breach to the web server hosting the www website. The breached web server has always been isolated from all other infrastructure and is used only to serve the website.

"At present there is no further evidence of breach other than the isolated www web server. As an additional precaution, we continue to monitor all activity to all services closely. The investigation and high threat approach to returning services to normal continues."

The company added, "All forensics are being shared with the authorities and other CAs to assist with their own investigations into other potentially related attacks."

It is believed that the stolen Web security certificates from DigiNotar were used to spy on 300,000 Iranian Google email accounts. Close to 300,000 unique IP addresses from Iran requested access to using a rogue certificate issued by Dutch digital certificate authority DigiNotar, according to an interim report by security firm, Fox-IT.

The rogue certificates were issued on 10 July by DigiNotar, and finally revoked on 29 August.

The report said that DigiNotar used weak passwords, did not update its software on public servers and had no antivirus protection on internal servers. DigiNotar has also been accused of being slow to disclose a hacking incident which is susspected to have been supported by the Iranian government.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.