GlobalSign temporarily halts issuing certificates to investigate breach claim


Robert Westervelt, News Director

Belgium-based SSL certificate provider GlobalSign has temporarily halted the issuance of digital certificates while it conducts an internal audit of its systems.

The certificate authority is trying to determine if its systems were breached after it was named as one of four certificate providers that have been targeted by the hacker who claimed responsibility for the DigiNotar CA breach and earlier Comodo reseller breaches.

“GlobalSign takes this claim very seriously and is currently investigating,” the company said in a brief announcement on its website. “As a responsible CA, we have decided to temporarily cease issuance of all certificates until the investigation is complete.”

The claims the hacker made on Pastebin, a software developer website, have not been verified. The hacker also named StartCom Ltd., a free SSL certificate provider.

GlobalSign, which started operations in 1996, was one of the first CAs. The company is currently a subsidiary of GMO Internet Inc.

According to security experts, VeriSign and Comodo are the largest issuers of digital certificates, making up more than half the market. GlobalSign is one of hundreds of others, including CyberTrust and RapidSSL, which offer CA services.

CA alternatives

Chester Wisniewski, a senior security consultant with Sophos LLC, called GlobalSign’s reaction responsible, and said the decision to halt issuance of new certificates must have been a tough one. Wisniewski said the current digital certificate system is fragile and needs massive changes to ensure its security and integrity. 

“We’re so entrenched in this current CA system which is worth hundreds of millions to these providers,” he said. “There needs to be a conversation about alternatives.”

Two alternatives to the current system are being tested and show promise, Wisniewski said. Perspectives Project is a notary system that monitors SSL certificates without relying on certificate authorities. The project currently uses a Mozilla Firefox extension to function in the browser. It is funded by a grant from the National Science Foundation and managed by Carnegie Mellon University. Another project, Convergence, is an offshoot of the Perspectives Project. It is being developed by noted security researcher Moxie Marlinspike and aims to strip away the CA system with a configurable set of notaries that validate a website by checking it from different network locations.