Discover Yahoo! With Your Friends

Explore news, videos, and much more based on what your friends are reading and watching. Publish your own activity and retain full control.

To get started, first

YOUR FRIENDS' ACTIVITY

    GlobalSign Stops Issuing Security Certificates Pending Probe

    By Barry Levine, newsfactor.com | Newsfactor.com – Wed, Sep 7, 2011
    A leading security certificate authority, GlobalSign, has announced it will stop issuing new certificates pending an investigation into security threats. The action comes following an earlier announcement that a hacker or group of hackers had compromised several issuers of certificates.

    The hacker, who calls himself Ichsun and who is known as the Comodo Hacker for a March security break-in to that company, has posted messages about other security breaches on Pastebin, a site where programmers can store and share pieces of source code or configuration text. Comodo Hacker claims responsibility for an online break-in in July to the Dutch certificate authority, DigiNotar.

    More Severe Than Expected

    DigiNotar fraudulent certificates had been issued to Google, the CIA, Facebook, Microsoft, Twitter, WordPress, and Israel's intelligence agency, Mossad. The hacker Monday named four other high-profile certificate authorities that he claimed also had been breached, with GlobalSign listed as No. 4. GlobalSign is considered to be the fifth-largest issuer of online security certificates.

    "GlobalSign takes this claim very seriously and is currently investigating," the company said in a statement. GlobalSign has brought in Fox-IT, a Dutch cybersecurity firm, to assist the company with the investigation.

    Last week, following reports of fraudulent secure sockets layer (SSL) certificates from DigiNotar, the Dutch government took control of that certificate authority and employed Fox-IT to begin an investigation.

    On Monday, Fox-IT said in a preliminary report that the breach at DigiNotar was more severe than had been originally expected. Stolen certificates, it said, could have been used for some time to spy on visitors to popular sites, as DigiNotar was compromised for more than a month.

    The DigiNotar breach follows the March break-in to Comodo, whose slogan is "creating trust online" and which provides authentication for individuals, businesses, and websites, including SSL certificates. Comodo Hacker apparently found that a dynamic-link library file, or DLL, used in the submission of certificate signing requests, or CSRs, enabled him to issue fake CSRs that appeared to have been submitted by Comodo.

    'Experience of 1,000 Hackers'

    Comodo Hacker has said he was Iranian, although he claimed no connection with a group called the Iranian Cyber Army.

    "I'm not a group," he said in one posting, but instead is a "single hacker with experience of 1,000 hackers."

    Security blogger Chester Wisniewski, a senior security adviser at Sophos Canada, asked on his blog why, if the Comodo Hacker is an individual not aligned with the regime in Iran, he would "issue certificates for these specific websites all related to secure communication methods often used by dissidents to organize protests and share news with the world"?

    Earlier this week, a Fox-IT preliminary report indicated that virtually all the attacks on DigiNotar originated in Iran, and there has been suspicion that this was part of an effort by that country's government to spy on Iranian dissidents who communicate through the Internet. Fake online security certificates can be used to intercept and read encrypted web traffic, such as emails, banking and log-ins.

    Wisniewski praised GlobalSign's action, noting that the claims by Comodo Hacker of other break-ins could be false.

    "Yet," he wrote, "they could be true, and rather than put the greater Internet community at risk, GlobalSign is foregoing some revenue out of an abundance of caution."

     

    There are no comments yet

    [ [ [['Connery is an experienced stuntman', 2]], 'http://yhoo.it/KeQd0p', '[Slideshow: See photos taken on the way down]', ' ', '630', ' ', ' ', ], [ [['Connery is an experienced stuntman', 7]], ' http://yhoo.it/KpUoHO', '[Slideshow: Death-defying daredevils]', ' ', '630', ' ', ' ', ], [ [['know that we have confidence in', 3]], 'http://yhoo.it/LqYjAX ', '[Related: The Secret Service guide to Cartagena]', ' ', '630', ' ', ' ', ], [ [['We picked up this other dog and', 5]], 'http://yhoo.it/JUSxvi', '[Related: 8 common dog fears, how to calm them]', ' ', '630', ' ', ' ', ], [ [['accused of running a fake hepatitis B', 5]], 'http://bit.ly/JnoJYN', '[Related: Did WH share raid details with filmmakers?]', ' ', '630', ' ', ' ', ], [ [['accused of running a fake hepatitis B', 3]], 'http://bit.ly/KoKiqJ', '[Factbox: AQAP, al-Qaeda in Yemen]', ' ', '630', ' ', ' ', ], [ [['have my contacts on or glasses', 3]], 'http://abcn.ws/KTE5AZ', '[Related: Should the murder charge be dropped?]', ' ', '630', ' ', ' ', ], [ [['have made this nation great as Sarah Palin', 5]], 'http://yhoo.it/JD7nlD', '[Related: Bristol Palin reality show debuts June 19]', ' ', '630', ' ', ' ', ], [ [['have made this nation great as Sarah Palin', 1]], 'http://bit.ly/JRPFRO', '[Related: McCain adviser who vetted Palin weighs in on VP race]', ' ', '630', ' ', ' ', ], [ [['A JetBlue flight from New York to Las Vegas', 3]], 'http://yhoo.it/GV9zpj', '[Related: View photos of the JetBlue plane in Amarillo]', ' ', '630', ' ', ' ', ], [ [['the 28-year-old neighborhood watchman who shot and killed', 15]], 'http://news.yahoo.com/photos/white-house-stays-out-of-teen-s-killing-slideshow/', 'Click image to see more photos', 'http://l.yimg.com/cv/ip/ap/default/120411/martinzimmermen.jpg', '630', ' ', 'AP', ], [ [['Titanic', 7]], 'http://news.yahoo.com/titanic-anniversary/', ' ', 'http://l.yimg.com/a/p/us/news/editorial/b/4e/b4e5ad9f00b5dfeeec2226d53e173569.jpeg', '550', ' ', ' ', ], [ [['He was in shock and still strapped to his seat', 6]], 'http://news.yahoo.com/photos/navy-jet-crashes-in-virginia-slideshow/', 'Click image to see more photos', 'http://l.yimg.com/cv/ip/ap/default/120406/jet_ap.jpg', '630', ' ', 'AP', ], [ [['xxxxxxxxxxxx', 11]], 'http://news.yahoo.com/photos/russian-grannies-win-bid-to-sing-at-eurovision-1331223625-slideshow/', 'Click image to see more photos', 'http://l.yimg.com/a/p/us/news/editorial/1/56/156d92f2760dcd3e75bcd649a8b85fcf.jpeg', '500', ' ', 'AP', ] ]
    [ [ [['did not go as far his colleague', 8]], '29438204', '0' ], [ [[' the 28-year-old neighborhood watchman who shot and killed', 4]], '28924649', '0' ], [ [['because I know God protects me', 14], ['Brian Snow was at a nearby credit union', 5]], '28811216', '0' ], [ [['The state news agency RIA-Novosti quoted Rosaviatsiya', 6]], '28805461', '0' ], [ [['measure all but certain to fail in the face of bipartisan', 4]], '28771014', '0' ], [ [['matter what you do in this case', 5]], '28759848', '0' ], [ [['presume laws are constitutional', 7]], '28747556', '0' ], [ [['has destroyed 15 to 25 houses', 7]], '28744868', '0' ], [ [['short answer is yes', 7]], '28746030', '0' ], [ [['opportunity to tell the real story', 7]], '28731764', '0' ], [ [['entirely respectable way to put off the searing constitutional controversy', 7]], '28723797', '0' ], [ [['point of my campaign is that big ideas matter', 9]], '28712293', '0' ], [ [['As the standoff dragged into a second day', 7]], '28687424', '0' ], [ [['French police stepped up the search', 17]], '28667224', '0' ], [ [['Seeking to elevate his candidacy back to a general', 8]], '28660934', '0' ], [ [['The tragic story of Trayvon Martin', 4]], '28647343', '0' ], [ [['Karzai will get a chance soon to express', 8]], '28630306', '0' ], [ [['powerful storms stretching', 8]], '28493546', '0' ], [ [['basic norm that death is private', 6]], '28413590', '0' ], [ [['songwriter also saw a surge in sales for her debut album', 6]], '28413590', '1', 'Watch music videos from Whitney Houston ', 'on Yahoo! Music', 'http://music.yahoo.com' ], [ [['keyword', 99999999999999999999999]], 'videoID', '1', 'overwrite-pre-description', 'overwrite-link-string', 'overwrite-link-url' ] ]

    News For You

    Loading...