The Tech Herald

More fallout from DigiNotar compromise as GlobalSign halts sales

by Steve Ragan - Sep 8 2011, 11:00

The public warnings and claims by the Iranian responsible for the DigiNotar breach have caused a second CA to suspend sales. This latest development comes after a security report on DigiNotar’s infrastructure highlighted several problematic areas.

A security report compiled by Fox-IT, which is investigating the breach, outlined several instances of lackluster security on DigiNotar’s network, and noted that some 300,000 Iranians were exposed in the incident.

“The successful hack implies that the current network setup and / or procedures at DigiNotar are not sufficiently secure to prevent this kind of attack,” the Fox-IT report stated.

“The network has been severely breached. All CA servers were members of one Windows domain, which made it possible to access them all using one obtained user/password combination. The password was not very strong (Pr0d@dm1n) and could easily be brute-forced. The software installed on the public web servers was outdated and not patched. No antivirus protection was present on the investigated servers…No secure central network logging is in place.”

After that report, things went downhill.

Microsoft “deemed all DigiNotar certificates to be untrustworthy” and promptly pushed an update to all Windows platforms that “revokes the trust” of the DigiNotar root certificates by placing them into the Microsoft Untrusted Certificate Store.

In addition, citing the need to “protect the privacy and security” of their users, Google also revoked “all of the Certificate Authorities operated by DigiNotar.”

Mozilla has also released patches revoking DigiNotar for Firefox users on versions 6.0.2 and 3.6.22.

As for Apple... “Tap, tap, tap... Hello, Apple? Are you there? Your competitors (Microsoft, Google, Mozilla) are protecting their customers promptly and openly. I know you don't like to talk about security, but now would be a great time to show you care,” commented Sophos’ Chester Wisniewski.

As mentioned, a second CA is impacted by the DigiNotar incident. Yet, based on their public statements, they are being proactive.

“On Sep 5th 2011 the individual/group previously confirmed to have hacked several Comodo resellers, claimed responsibility for the recent DigiNotar hack. In his message posted on Pastebin, he also referred to having access to 4 further high profile Certificate Authorities, and named GlobalSign as one of the 4,” a statement from GlobalSign explains.

“GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible. We apologize for any inconvenience.”

They have hired Fox-IT as a precautionary measure to help with their investigation of ComodoHacker’s claims.
