Slashdot Mirror


GlobalSign Web Server Hacked, But Not CA

Trailrunner7 writes "GlobalSign has found evidence that its main Web server was compromised recently, but has not discovered any indications that its certificate authority infrastructure was hacked, contrary to claims by the attacker responsible for the DigiNotar CA hack."

6 of 35 comments

  1. Hint: Not GlobalSign by sudonim2 · · Score: 2

    Guess who I'm more inclined to believe: an anonymous supposed hacker or a certificate CA?

  2. Both have good reasons to lie by nzac · · Score: 3, Interesting

    The hacker who wants some credibility.

    The company who might get their certificates revoked.
    Seriously how hard would you look for the security breach that would destroy the entire company (it appears to be their only product). You can go back later and say you found the breach.

    There is far too much money at stake to trust the company.

  3. They found a compromise... by mysidia · · Score: 3, Informative

    The CA/PKI might not have been invaded yet. A compromise of a website can lead to an intruder gaining further access, however.

    Suffice to say... access to a webserver is a foothold that an intruder can attempt to leverage to gain further access. Depending on how robust the further lines of defenses are, and if any security mistakes were made (such as webservers allowed through firewalls to some internal hosts or credentials the intruder can capture that can lead to access to systems closer to back office or CA functions).

    Even a compromise that doesn't result in immediate PKI access may lead to that, through additional successive breaches, and successive social engineering... also known as "Advanced Persistent Threat" (to use the latest lingo for referring to the situation).

    1. Re:They found a compromise... by Dewin · · Score: 2

      It's reasonable to assume the website is logically connected. CAs generally execute their transactions through the website. Especially for domain validated certs, usually the process of issuing a certificate is entirely automatic -- the customer logs in through the website, requests a certificate either by filling out a form or sending in a CSR. If they fill in a form and the CA generates their private key, the person who compromised the website might be able to steal the customer's private key, when the customer downloads it using the website.

      It's been a while, but I do not believe there is any point in the CSR process where the CA ever gets a copy of your private key.

      --
      Of course nobody reads the FAQ! If people read the FAQ, the Questions wouldn't be so Frequently Asked.
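
The distinction raised in this sub-thread (a key generated by the CA versus a CSR submitted by the customer) can be checked locally. The script below is an added example, not part of any comment here or of any CA's tooling; it assumes the `openssl` command-line tool is installed, and the subject `example.test` and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: what a CA receives when the customer submits a CSR.
# The subject name example.test is a constructed placeholder.

# Create a key pair and a CSR in directory $1, as a customer would do locally.
make_csr() {
    dir=$1
    # The private key is generated and stored on the customer's own machine.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/key.pem" 2>/dev/null || return 1
    # The CSR is built from that key; only req.csr would be sent to the CA.
    openssl req -new -key "$dir/key.pem" -subj "/CN=example.test" \
        -out "$dir/req.csr" 2>/dev/null || return 1
}

# Return 0 only if the CSR in $1 carries the public key and no private key.
csr_is_public_only() {
    dir=$1
    # 1. The PEM file that goes to the CA has no private-key block in it.
    if grep -q "PRIVATE KEY" "$dir/req.csr"; then return 1; fi
    # 2. The key embedded in the CSR is exactly the public half of the local key.
    csr_pub=$(openssl req -in "$dir/req.csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/key.pem" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ] || return 1
    # 3. The CSR is signed with the private key (proof of possession); the
    #    signature is verified using the embedded public key alone.
    openssl req -in "$dir/req.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

# Run both steps in a throwaway directory and report the result as exit status.
run_demo() {
    tmp=$(mktemp -d) || return 1
    make_csr "$tmp" && csr_is_public_only "$tmp"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

run_demo && echo "CSR carries the public key and a signature, no private key"
```

When the CA generates the key pair on the customer's behalf instead, no such separation exists, which is the case the quoted paragraph describes.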
  4. Realistically by Pop69 · · Score: 2

    They should be assuming their CA is compromised and acting accordingly.

    Any other way of looking at it is stupidity of the highest order.

  5. Not CA by andresambrois · · Score: 2

    ..., But Not CA

    For some reason my mind actually read that as "..., But No Cigar". Good Job.