September 7, 2011
GlobalSign Stops Issuing Authentication Certificates For Investigation
GlobalSign, a Belgian security firm, has stopped issuing authentication certificates for websites.
If the attack is confirmed then it would be the second security breach at a European certificate authority in two months.
Comodohacker claimed responsibility for an attack on DigiNotar that saw hundreds of fake authentications issued.
Certificate authorities (CAs) are companies or public bodies whose job is to confirm that secure websites are genuine.
Once a computer connects to a site with TLS or SSL authentication, a certificate is issued that verifies the site's identity to the web browser.
Comodohacker claimed to have gained access to four certificate authorities.
GlobalSign said it was temporarily ceasing the issuance of all certificates while it investigated the claims.
The hacker responsible for the DigiNotar hacks said it was for political reasons: "Dutch government is paying what they did 16 years ago about Srebrenica, you don't have any more e-Government huh?"
The reference is to the 1995 Srebrenica massacre where Serbian forces killed over 8,000 Bosnian Muslims.
On the Net: