The public warnings and claims by the Iranian responsible for the DigiNotar breach, has caused a second CA to suspend sales. This latest development comes after a security report on DigiNotar’s infrastructure highlighted several problematic areas.
A security report compiled by Fox-IT, who is investigating the breach, outlined several instances of lackluster security on DigiNotar’s network, and noted that some 300,000 Iranians were exposed in the incident. [More information is here.]
“The successful hack implies that the current network setup and / or procedures at DigiNotar are not sufficiently secure to prevent this kind of attack,” the Fox-IT report stated.
“The network has been severely breached. All CA servers were members of one Windows domain, which made it possible to access them all using one obtained user/password combination. The password was not very strong ([email protected]) and could easily be brute-forced. The software installed on the public web servers was outdated and not patched. No antivirus protection was present on the investigated servers…No secure central network logging is in place.”
After that report, things went downhill.
Microsoft “deemed all DigiNotar certificates to be untrustworthy” and promptly pushed an update to all Windows platforms that “revokes the trust” of the DigiNotar root certificates by placing them into the Microsoft Untrusted Certificate Store.”
In addition, citing the need to “protect the privacy and security” of their users, Google also revoked “all of the Certificate Authorities operated by DigiNotar.”
Mozilla has released patches revoking DigiNotar as well for Firefox users on version 6.0.2 and 3.6.22.
As for Apple... “Tap, tap, tap... Hello, Apple? Are you there? Your competitors (Microsoft, Google, Mozilla) are protecting their customers promptly and openly. I know you don't like to talk about security, but now would be a great time to show you care,” commented Sophos’ Chester Wisniewski.
As mentioned, a second CA is impacted by the DigiNotar incident. Yet, based on their public statements, they are being pro-active.
“On Sep 5th 2011 the individual/group previously confirmed to have hacked several Comodo resellers, claimed responsibility for the recent DigiNotar hack. In his message posted on Pastebin, he also referred to having access to 4 further high profile Certificate Authorities, and named GlobalSign as one of the 4,” a statement from GlobalSign explains.
“GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible. We apologize for any inconvenience.”
They have hired Fox-IT as a precautionary measure to help with their investigation of ComodoHacker’s claims.