This is a mirror of official site: http://jasper-net.blogspot.com/

Second firm stops issuing digital certificates

| Thursday, September 8, 2011
A second company that provides digital certificates used to authenticate Web sites won't be issuing them while it investigates whether it has been compromised as a hacker has claimed.

A hacker who goes by the alias "Ich Sun" has taken responsibility for a recent breach at Dutch certificate authority DigiNotar that resulted in more than 500 SSL (Secure Sockets Layer) certificates being fraudulently issued, including one that was used to spoof Google.com.

The self-proclaimed Iranian patriot, who was behind a hack on certificate authority Comodo this spring, says he has hacked four or more certificate authorities, including GlobalSign.

GlobalSign said in a statement on its Web site yesterday that it is investigating the matter.

"GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA (certificate authority), we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible," the statement said.

The company also said it had hired Dutch security experts Fox-IT to help with the investigation as "a precautionary measure as we continue to assess the Comodohacker's claims."

Initially, it was suspected that someone working on behalf of the government of Iran had obtained the fake Google.com certificate to access Gmail accounts of Iranian citizens who believed they were connecting to Google over a secured connection.

However, Ichsun said he was protesting the failure of Dutch U.N. security forces to prevent a massacre in Srebrenica 16 years ago. In the Comodo breach, he claimed he was protesting U.S. foreign policy.

Read more: CNet news
QR: ?part=rss&subj=news&tag=2547-1_3-0-20

Posted via email from Jasper-net

0 comments: