GlobalSign breach stemmed from unpatched server

GlobalSign was left red-faced last year after one of its Web servers was hacked. It turns out the incident was due to a piece of open-source software not being updated, a senior GlobalSign executive told sister site ZDNet UK.

The company ceased issuing certificates, and shut down its operations. GlobalSign said it keeps SSL-certificate issuing infrastructure "separate" from its Web site -- a common practice -- and reiterated that its operations was secure.

GlobalSign's own Web site, the site's certificate, and some other public-facing documents were compromised during the hack, but no other servers were breached.… Read more

Mozilla gets tough after digital certificates hack

Firefox browser distributor Mozilla today gave companies that sell digital certificates a week to take actions to improve their security after a certificate authority (CA) was hacked and Gmail users in Iran were targeted in a recent attack.

When a Web surfer visits a site over a protected SSL (Secure Sockets Layer) connection, the browser provides a visual indication that the site is trusted--a green URL bar or padlock, usually--based on the digital certificate for the site. If the digital certificate, which is used to authenticate a site as legitimate, is revoked or has some other problem, the browser will … Read more

Second firm stops issuing digital certificates

A second company that provides digital certificates used to authenticate Web sites won't be issuing them while it investigates whether it has been compromised as a hacker has claimed.

A hacker who goes by the alias "Ich Sun" has taken responsibility for a recent breach at Dutch certificate authority DigiNotar that resulted in more than 500 SSL (Secure Sockets Layer) certificates being fraudulently issued, including one that was used to spoof

The self-proclaimed Iranian patriot, who was behind a hack on certificate authority Comodo this spring, says he has hacked four or more certificate authorities, … Read more