Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

GlobalSign Halts Digital Certificate Sales

GlobalSign, one of the longest established Certification Authorities (CA) today said it would temporarily cease issuance of all digital certificates following a claim that the same hacker responsible for the recent DigiNotar hack had access to four other Certificate Authorities, and named GlobalSign as one of them.

The company posted the following announcement on the incident on Tuesday afternoon:

GlobalSign, one of the longest established Certification Authorities (CA) today said it would temporarily cease issuance of all digital certificates following a claim that the same hacker responsible for the recent DigiNotar hack had access to four other Certificate Authorities, and named GlobalSign as one of them.

The company posted the following announcement on the incident on Tuesday afternoon:

On Sep 5th 2011 the individual/group previously confirmed to have hacked several Comodo resellers, claimed responsibility for the recent DigiNotar hack. In his message posted on Pastebin, he also referred to having access to 4 further high profile Certificate Authorities, and named GlobalSign as one of the 4.

 

GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible.

“None of us knows where the next breach will occur, or whether it will occur in a week or three months,” said Jeff Hudson, CEO of Venafi, an Internet security company that provides enterprise key and certificate management solutions. “Enterprises must ready themselves to respond immediately if they implement the four steps of CA compromise recovery. The very serious implication is that you better wake up. Get out of denial. Understand that this is a huge issue of business continuity.”

Founded in 1996, GlobalSign sells SSL Certificates, EV SSL, Managed SSL Services, S/MIME email security and Code Signing for use on all platforms including mobile devices. The company says it has issued over 200,000 SSL server Certificates and over 1.4 million Digital Certificates and Digital IDs to people, web sites and machines.

Customers listed on GlobalSign’s Web site include Skype, BT, Adobe, Virgin Atlantic, ING, Vodafone and many more.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Funding/M&A

Identity and access governance vendor Saviynt has closed a $205 million financing round.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture

ICS/OT

Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

Incident Response

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations...

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.