Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: GlobalSign releases security incident report. - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
GlobalSign releases security incident report.

GlobalSign released a press release today to address concerns that they may have had a compromise of their CA infrastructure.
http://www.globalsign.co.uk/company/press/121411-security-incident-report.html
They did a good job of stating what they did find and what they didn’t. They also address new measures put in place to improve their overall security posture.
“We didn't find any evidence of
*  Rogue Certificates issued.
*  Customer data exposed.
*  Compromised GlobalSign Root Certificate keys and associated Hardware Security Modules (HSM).
*  Compromised GlobalSign Certificate Authority (CA) infrastructure.
*  Compromised GlobalSign Issuing Authorities and associated HSMs.
*  Compromised GlobalSign Registration Authority (RA) services.

What did happen
*  Peripheral web server, not part of the Certificate issuance infrastructure, hosting a public facing web property was breached.
*  What could have been exposed? Publicly available HTML pages, publicly available PDFs, the SSL Certificate and key issued to www.globalsign.com.
*  SSL Certificate and key for www.globalsign.com were deemed compromised and revoked. “
 

donald

206 Posts
ISC Handler
The have not revoked the SSL cert for www.globalsign.com

Common Name = www.globalsign.com
Subject Alternative Names = www.globalsign.com, globalsign.com
Issuer = GlobalSign Extended Validation CA - G2
Serial Number = 11212B0523FA14B061F78F3401895810A59F
SHA1 Thumbprint = 9E6858DFE3D0C070896A0F0ED014D98D48DFDB04
Key Length = 2048 bit
Signature algorithm = SHA1 + RSA (good)
Secure Renegotiation: Supported
The certificate expires August 15, 2013 (609 days from today)
Subject www.globalsign.com
Valid from 15/Aug/2011 to 15/Aug/2013
Issuer GlobalSign Extended Validation CA - G2
Subject GlobalSign Extended Validation CA - G2
Valid from 13/Apr/2011 to 13/Apr/2022
Issuer GlobalSign

See http://www.digicert.com/help/index.htm?host=www.globalsign.com&order_id=&x=39&y=3
sgrayban

12 Posts
You can also see the same results at https://www.ssllabs.com/ssldb/analyze.html?d=www.globalsign.com&hideResults=on

Common names www.globalsign.com
Alternative names globalsign.com www.globalsign.com
Prefix handling Both (with and without WWW)
Valid from Mon Aug 15 10:31:29 UTC 2011
Valid until Thu Aug 15 10:31:29 UTC 2013 (expires in 1 year and 8 months)

If it was revoked then the month should be December and not August.
sgrayban

12 Posts
I also checked their .co.uk domain and that cert was issued just days ago -- maybe they meant the .co.uk domain instead of the .com one ?

Common names www.globalsign.co.uk
Alternative names www.globalsign.co.uk globalsign.co.uk
Prefix handling Both (with and without WWW)
Valid from Fri Dec 09 12:30:30 UTC 2011
Valid until Mon Dec 09 12:30:30 UTC 2013 (expires in 1 year and 11 months)

sgrayban

12 Posts

Sign Up for Free or Log In to start participating in the conversation!