GlobalSign CA, which suspended its SSL certificate business for about a week, has finally returned to business after a thorough investigation. ComodoHacker, the hacker who claims to have hacked DigiNotar, had mentioned that GlobalSign CA was also one of his victims.
After ComodoHacker released his statement, GlobalSign CA immediately suspended its CA business to investigate the security breach in depth. It even brought in Fox-IT, the security consultancy firm that investigated the DigiNotar issue, to audit its network.
At present there is no further evidence of breach other than the isolated www web server. As an additional precaution, we continue to monitor all activity to all services closely. The investigation and high threat approach to returning services to normal continues.
Yes, that is the sound of good news. Nothing that has to do with certificate signing was compromised, and all of it is still in good shape. They were expected to completely resume their business sometime around Tuesday after a short delay.
The bad news is that the company suffered a week of business loss because of the investigation. Although the sacrifice now seems to have been unnecessary, it was a good move by GlobalSign, because in security we cannot take any chances when there is risk.
Meanwhile, Apple has also finally released a security update to remove the DigiNotar root certificates from the Mac OS trust store after rounds of criticism. Before that, it was criticized for failing to respond to the DigiNotar issue in a timely manner while competitors such as Microsoft and Google had already responded to the issue.
Although the GlobalSign issue seems to be cleared up now, do subscribe to my RSS feed to learn more about the DigiNotar issue, as there are still three compromised CAs to be reported.