back to article GlobalSign stops issuing SSL certs, probes hacker claims

GlobalSign has suspended the publication of SSL certificates as a precaution in the wake of unverified claims by a hacker linked to attacks on Comodo and DigiNotar. The self-named Comodohacker used pastebin in March to claim responsibility for hacks against Comodo that allowed the publication of bogus SSL certificates. The …


This topic is closed for new posts.
  1. Danny 2 Silver badge

    Thwarted by the CEO?

    The CEO of every CA should be chained to their desks to manually verify everything until they can prove their systems security. That'd encourage them to take security more seriously.

  2. Ian Yates


    A responsible approach? How... novel...

    I'm sure no one would have batted an eye-lid if they'd just stayed schtum and investigated in private.

  3. Ken Hagan Gold badge


    The claim appears to be roughly "I know your password, but I'm not telling.". How is anyone supposed to disprove that? Isn't this a FUD-based DoS attack on a CA who (particularly in the current climate) wants to be seen to be doing the right thing?

    1. nyelvmark

      @Ken Hagan

      Actually, it's cleverer than that. It's "I know 4 people's passwords, but I'm not telling which".

      If any CA's security is breached in the next few years, this genius can claim the credit.

      Thus, his message is an informational null.

  4. I ain't Spartacus Gold badge


    "Every so often, the English shoot an admiral, to encourage the others."

    Perhaps the browser makers having just assassinated one CA, will encourage better behaviour from the others for a while. I wonder if we could bring this policy to other badly performing corporate sectors? Although maybe I'm being unfair, and Global Sign would have been this good anyway.

    However, it should be pointed out that governments round the world didn't bail out all the banks, but allowing a couple to go bust hasn't noticeably improved behaviour or attitudes in the rest.

    But sometimes, a healthy fear of consequences can work wonders.

  5. alec horley

    by way of interest

    Around the end of last week globalsign's OCSP servers were having major issues. They claimed it was due to server upgrades, but maybe it was our friend here?

    1. nyelvmark

      @by way of interest

      ...or maybe it was because of Lulzsec, or Iran, or China, or the CIA, or Google, or...

      Just because you're paranoid doesn't mean they aren't out to get you.

  6. Adam Inistrator

    problem in browser not "ca"

    chain of trust is ... I trust browser .. browser trusts ca ... ca trusts anybody they like

    Dont blame the ca ... blame the browser for gaily trusting a clearly untrustworthy ca

    Blame yourself for trusting untrustworthy browsers ... although you have little chance except with ff plugins to find a trustworthy browser.

This topic is closed for new posts.

Other stories you might like

Biting the hand that feeds IT © 1998–2022