Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security The Internet IT

GlobalSign Web Server Hacked, But Not CA 35

Trailrunner7 writes "GlobalSign has found evidence that its main Web server was compromised recently, but has not discovered any indications that its certificate authority infrastructure was hacked, contrary to claims by the attacker responsible for the DigiNotar CA hack."
This discussion has been archived. No new comments can be posted.

GlobalSign Web Server Hacked, But Not CA

Comments Filter:
  • by Anonymous Coward

    by the _self claimed_ attacker _supposedly_ responsible for the DigiNotar CA hack**

  • Guess who I'm more inclined to believe: an anonymous supossed hacker or a certificate CA?
    • Well, since the hacker only seems to have claimed (according to TFA) that he got access to their webserver, how about both?
    • by nzac ( 1822298 ) on Saturday September 10, 2011 @05:17PM (#37364488)

      The hacker who wants some credibility.

      The company who might get their certificates revoked.
      Seriously how hard would you look for the security breach that would destroy the entire company (it appears to be their only product). You can go back later and say you found the breach.

      There is far too much money at stake to trust the company.

  • by mysidia ( 191772 ) * on Saturday September 10, 2011 @05:34PM (#37364552)

    The CA/PKI might not have been invaded yet A compromise of a website can lead to an intruder gaining further access, however.

    Suffice to say... access to a webserver is a foothold that an intruder can attempt to leverage to gain further access. Depending on how robust the further lines of defenses are, and if any security mistakes were made (such as webservers allowed through firewalls to some internal hosts or credentials the intruder can capture that can lead to access to systems closer to back office or CA functions).

    Even a compromise that doesn't result in immediate PKI access may lead to that, through additional successive breaches, and successive social engineering... also known as "Advanced Persistent Threat" (to use the latest lingo for referring to the situation)

    • by Anonymous Coward

      Ummm... Your assuming the website is connected, logically or physically, to their CA infrastructure. Fundamentally what you're saying is true, but so is "someone broke a car in their parking lot so they may be able to issue their own certs." You're making assumptions about their web infrastructure, what was broken into, and what "break into" means.

      • Well, another thing they could potentially do is replace the public root certs hosted on the web site with their own... Then anyone who goes looking for that CA's root cert on the site will get the malicious one, opening them up to MITM attacks. Secure key distribution can be difficult.
      • by mysidia ( 191772 ) *

        It's reasonable to assume the website is logically connected. CAs generally execute their transactions through the website. Especially for domain validated certs, usually the process of issuing a certificate is entirely automatic -- the customer logs in through the website, requests a certificate either by filling out a form or sending in a CSR. If they fill in a form and the CA generates their private key, the person who compromised the website might be able to steal the customer's private key, w

        • by Dewin ( 989206 )

          It's reasonable to assume the website is logically connected. CAs generally execute their transactions through the website. Especially for domain validated certs, usually the process of issuing a certificate is entirely automatic -- the customer logs in through the website, requests a certificate either by filling out a form or sending in a CSR. If they fill in a form and the CA generates their private key, the person who compromised the website might be able to steal the customer's private key, when the cu

      • If I had to guess I'd say the front end probably places the incoming CSRs somewhere the actual CA infrastructure can get them - possibly a common database in a DMZ - but there'd never any direct communication between the two, they always go via the passive intermediary.

    • by Lennie ( 16154 )

      Just an example, it can be used to get the cookies/login-information from all the customers.

  • by Pop69 ( 700500 ) <billy@bCURIEenarty.co.uk minus physicist> on Saturday September 10, 2011 @05:56PM (#37364636) Homepage
    They should be assuming their CA is compromised and acting accordingly.

    Any other way of looking at it is stupidity of the highest order
  • ..., But Not CA

    For some reason my mind actually read that as "..., But No Cigar". Good Job.

    • ..., But Not CA

      For some reason my mind actually read that as "..., But No Cigar". Good Job.

      I read it as, "..., but not California". SMILE

  • I mean, it's not like they stand to lose their entire business if they were compromised or anything. I'm sure they can be trusted.

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...