back to article GlobalSign stops issuing SSL certs, probes hacker claims

GlobalSign has suspended the publication of SSL certificates as a precaution in the wake of unverified claims by a hacker linked to attacks on Comodo and DigiNotar. The self-named Comodohacker used pastebin in March to claim responsibility for hacks against Comodo that allowed the publication of bogus SSL certificates. The …

COMMENTS

This topic is closed for new posts.

Thwarted by the CEO?

The CEO of every CA should be chained to their desks to manually verify everything until they can prove their systems' security. That'd encourage them to take security more seriously.

6
0
Bronze badge

Responsible?

A responsible approach? How... novel...

I'm sure no one would have batted an eyelid if they'd just stayed schtum and investigated in private.

0
0
Gold badge

Interesting.

"Every so often, the English shoot an admiral, to encourage the others."

Perhaps the browser makers, having just assassinated one CA, will encourage better behaviour from the others for a while. I wonder if we could bring this policy to other badly performing corporate sectors? Although maybe I'm being unfair, and GlobalSign would have been this good anyway.

However, it should be pointed out that governments round the world didn't bail out all the banks, but allowing a couple to go bust hasn't noticeably improved behaviour or attitudes in the rest.

But sometimes, a healthy fear of consequences can work wonders.

1
0
Gold badge

Proof?

The claim appears to be roughly "I know your password, but I'm not telling." How is anyone supposed to disprove that? Isn't this a FUD-based DoS attack on a CA who (particularly in the current climate) wants to be seen to be doing the right thing?

2
0
Boffin

@Ken Hagan

Actually, it's cleverer than that. It's "I know 4 people's passwords, but I'm not telling which".

If any CA's security is breached in the next few years, this genius can claim the credit.

Thus, his message is an informational null.

0
0

by way of interest

Around the end of last week GlobalSign's OCSP servers were having major issues. They claimed it was due to server upgrades, but maybe it was our friend here?

1
1
Happy

@by way of interest

...or maybe it was because of LulzSec, or Iran, or China, or the CIA, or Google, or...

Just because you're paranoid doesn't mean they aren't out to get you.

0
0

problem in browser not "CA"

chain of trust is ... I trust browser ... browser trusts CA ... CA trusts anybody they like

Don't blame the CA ... blame the browser for gaily trusting a clearly untrustworthy CA

Blame yourself for trusting untrustworthy browsers ... although you have little chance except with FF plugins to find a trustworthy browser.

0
0