Fortunately, the hacker didn't gain access to the root certificate

Apr 26, 2012 14:17 GMT
GlobalSign admits that the breach was possible because of unpatched software

GlobalSign representatives admitted that open source software left unpatched on one of their servers allowed cybercriminals to gain access to their systems and steal a digital certificate.

A company executive told ZDNet that the application had not been updated because it wasn’t “included in versioning maintenance.”

Fortunately, the hacker, known as Comodohacker, did not gain access to the organization’s root certificate. Instead, he obtained one that could have allowed him to replicate the company’s site and make it look legitimate and trustworthy to a web browser.

According to the same exec, the root certificate that’s used to issue other certificates is stored in a location that’s not connected to the public internet and is safeguarded by both physical and digital security measures.

And once again we are presented with an incident that highlights the importance of security updates.