GlobalSign breach stemmed from unpatched server

GlobalSign was left red-faced last year after one of its Web servers was hacked. It turns out the incident was due to a piece of open-source software not being updated, a senior GlobalSign executive told sister site ZDNet UK.

The company ceased issuing certificates, and shut down its operations. GlobalSign said it keeps SSL-certificate issuing infrastructure "separate" from its Web site -- a common practice -- and reiterated that its operations was secure.

GlobalSign's own Web site, the site's certificate, and some other public-facing documents were compromised during the hack, but no other servers were breached.

The SSL Web site certificate-issuing giant tore down and rebuilt its systems after the Web server was accessed by a hacker going by the name "Comodohacker."

It resumed issuing Web site certificates a week later and said it has "learned much" from the incident.

An external audit showed that GlobalSign's operations were safe and secure, but its Web site certificate was taken and could have been used to impersonate the company's Web site.

GlobalSign's root certificate is disconnected from the Web, and cannot be accessed without a series of stringent security checks. ZDNet UK reports: "a person must retrieve the machine [holding GlobalSign's root certificate] from a locked box, insert a number of smart cards, and type in multiple PINs and access codes."

It came only weeks after DigiNotar, a Dutch certificate authority, which issued SSL certificates for the Dutch government among others, was compromised and subsequently went bankrupt. Over 500 certificates were thought to have been stolen. The Dutch government said it could "not [at the time] guarantee the security" of its online services.

Another Dutch issuer, KPN, suspended its operations after a security breach was discovered in November.

This story was originally published at ZDNet's Between the Lines under the headline "Unpatched server led to GlobalSign breach."