Mozilla warns Web certificate issuing companies to show proof that their systems are safe or risk being blocked
GlobalSign has become the second company to halt issuing SSL certificates (the certificates that guarantee the security of websites) after an anonymous hacker claimed to have breached its security.
Recently, it was revealed that Dutch company DigiNotar had its certificates stolen by hackers.
GlobalSign, the Belgium-based subsidiary of Japan’s GMO Internet, said that, though it is unsure whether it has actually been hacked, it is taking the anonymous hacker’s threats seriously.
After last week’s revelations of the breach in DigiNotar, Google has also advised its users in Iran to change their passwords.
"We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the Internet communications of many Iranians at risk, including their Gmail," Google vice president of security engineering Eric Grosse said.
"While users of the Chrome browser were protected from this threat, we advise all users in Iran to take concrete steps to secure their accounts," Grosse said.
Mozilla has asked Web certificate authorities to audit their security or risk being dumped from Firefox, according to a BBC report.
Mozilla has said that Web security certificate issuing companies must provide proof that they have protected their systems, and must reveal what steps they take when certificates are issued to prevent fraudulent certificates from being generated.
Meanwhile the Netherlands’ national prosecutors have begun a probe into the breach at DigiNotar for possible criminal negligence.
Preliminary investigations showed that the company’s negligence could have led to hacking and fraudulent use of its certificates.
DigiNotar has said that an "intrusion" resulted in the "fraudulent issuance of public key certificate requests for a number of domains, including Google.com."
"At that time, an external security audit concluded that all fraudulently issued certificates were revoked," DigiNotar said.
"Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time."
"After being notified by Dutch government organization Govcert, DigiNotar took immediate action and revoked the fraudulent certificate," the company said.
It is believed that the stolen Web security certificates from DigiNotar were used to spy on 300,000 Iranian Google email accounts. Close to 300,000 unique IP addresses from Iran requested access to Google.com using a rogue certificate issued by Dutch digital certificate authority DigiNotar, according to an interim report by security firm Fox-IT, released on Monday.
The rogue certificates were issued on 10 July by DigiNotar, and finally revoked on 29 August.
The report said that DigiNotar used weak passwords, did not update its software on public servers and had no antivirus protection on internal servers. DigiNotar has also been accused of being slow to disclose the hacking incident, which is suspected to have been supported by the Iranian government.