Companies take measures after ComodoHacker claims to have access to their networks

Sep 8, 2011 07:27 GMT

The certificate authority GlobalSign has stopped issuing digital certificates after ComodoHacker stated he had access to its systems.

In a recent article, the infamous ComodoHacker was quoted as saying that he had access to other major CAs, one of them being GlobalSign. In fact, it was the only one of the four companies that he mentioned by name.

This announcement has worried company officials, especially after seeing what happened to the Dutch authority in the past days.

To avoid the cruel fate of DigiNotar, the company immediately stopped issuing its products, stating that “As a responsible CA, we have decided to temporarily cease issuance of all certificates until the investigation is complete. We will post updates as frequently as possible. We apologise for any inconvenience.”

According to Chester Wisniewski, “Their response is interesting. While we don't know if they have been compromised (and arguably, neither do they) they are making a tough choice that is what we should expect from organizations whose business models rely on trust.”

“It's possible the accusations are simply from an anonymous raving lunatic. Yet they could be true, and rather than put the greater internet community at risk, GlobalSign is forgoing some revenue out of an abundance of caution,” he wrote on the Sophos blog.

We all hope that he's right and the claims are only made by a lunatic, but nevertheless the actions GlobalSign has taken are applauded by the entire internet community. Decisions of this kind can be a lifeboat for such a company: later, when the whole thing is over, it can pick up almost where it left off, unlike those who tried to handle a crisis situation in-house.

A press release issued on September 7 by the fifth-largest CA reveals that “Today, GlobalSign has officially announced the appointment of Fox-IT to assist with investigations into the claimed breach. Fox-IT is the Dutch cybersecurity experts hired to investigate the compromise of the Dutch CA DigiNotar and therefore already have a wealth of current knowledge and experience of the hacker.”