Wednesday, September 7, 2011

Web authentication breach spreads

Belgian security firm GlobalSign has temporarily stopped issuing authentication certificates for secure websites.

It comes after an anonymous hacker claimed to have gained access to the company's servers.

If confirmed, it would be the second security breach at a European certificate authority in two months.

Hundreds of bogus DigiNotar authentications were issued following an intrusion into its systems.

Certificate authorities (CAs) are companies or public bodies whose job is to confirm that secure websites are genuine.

When computers connect to a site with TLS or SSL authentication, a certificate is issued which verifies the site's identity to the web browser.

Fake certificates could allow someone to spy on a user's activity.

Multiple targets

GlobalSign took action as the result of a posting which appeared on the online notice board Pastebin.

The author, who identified themselves only as "ComodoHacker", claimed to have gained access to four certificate authorities, in addition to DigiNotar.

Only GlobalSign is named, although the message points out that an attack on StartCom was foiled by its boss Eddy Nigg.

ComodoHacker also refers to an attack on US certificate authority Comodo, which was targeted in March.

As a precaution, GlobalSign said it was temporarily ceasing the issuance of all certificates while it investigated the claims.

The hacker also played down suggestions that the attacks were the work of Iranian authorities.

"I'm single person, do not AGAIN try to make an ARMY out of me in Iran. If someone in Iran used certs I have generated, I'm not one who should explain," said the posting.

It had been suggested that, because many of the bogus DigiNotar certificates were issued to users in Iran, that authorities in there may have initiated the CA hack as a tool for spying on dissidents.

A report on the DigiNotar attack said that up to 300,000 Iranians may have had their Gmail accounts monitored as a result of a fake Google certificate being created.

Hacktivist

While the anonymous posting contains no information about the identity of the CA hacker, it does detail a political agenda.

The message states: "Dutch government is paying what they did 16 years ago about Srebrenica, you don't have any more e-Government huh?"

It appears to reference the apparent non-intervention of Dutch peacekeeping forces during the notorious 1995 Srebrenica massacre, where Serbian forces killed more than 8,000 Bosnian Muslims.

DigiNotar certificates are used to authenticate many online services offered by the Dutch government, although the company has said that these use a separate system which was not compromised during the attack.

State prosecutors in the Netherlands are investigating the incident.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Online firm Yahoo fires CEO Bartz

Yahoo's chief executive Carol Bartz has been fired by the internet company after two-and-a-half years in the top job.

The company said in a statement that Ms Bartz was removed by the board of directors, effective immediately.

Tim Morse, Yahoo's chief financial officer, will take over from Ms Bartz.

Yahoo has been struggling to increase its market share as it faces increased competition from rivals such as Google and Facebook.

Yahoo shares jumped more than 6% in after-hours trading after news of the firing broke, indicating they would trade higher when Wall Street opens for business on Wednesday. Yahoo's stock price was up at $13.72, an increase of 81 cents.

Mr Morse will serve as interim chief executive and the board of directors will look for a new CEO, the company said.

No turnaround

Ms Bartz was hired to run Yahoo in early 2009, taking over from co-founder Jerry Yang.

She made significant changes to the management team and cut jobs to save on costs. She also shifted the focus of the traditionally search-oriented firm towards more personalized content.

"Start Quote

I am very sad to tell you that I've just been fired over the phone by Yahoo's chairman of the board"

End Quote Carol Bartz Former CEO, Yahoo

However, Larry Magid, a technology analyst at C-net, said the company has not seen enough of a turn-around under Ms Bartz's leadership.

"She hasn't done anything to change the company's fortunes, and they are still anxious to find a leader who can move them up," he said.

Critics also claim that Yahoo has failed to make significant strides in two of the most lucrative segments of the market; search and social networking.

"Facebook is way ahead, and now even Google is way ahead of Yahoo in social networking," C-net's Mr Magid added.

"In terms of the potential for long-term revenue it's just not there. They've got some great sites, great information resources, news, stocks, sports, but that's not what bringing in the money."

Phone firing

The news first broke on the Wall Street Journal's All Things D website, which quoted an email from Ms Bartz to Yahoo staff. The email has since been reported by other news agencies including Bloomberg and Reuters.

"I am very sad to tell you that I've just been fired over the phone by Yahoo's chairman of the board," Ms Bartz said in the email to staff.

"It has been my pleasure to work with all of you and I wish you only the best going forward."

As news of the sacking spread across the internet, Yahoo released its own press statement in which it confirmed it was undergoing a "leadership reorganisation" and that Ms Bartz would be leaving the company.

Roy Bostock, chairman of Yahoo's board, said in the statement: "On behalf of the entire board, I want to thank Carol for her service to Yahoo during a critical time of transition in the company's history, and against a very challenging macro-economic backdrop."

He added that he saw "enormous growth opportunities" for the firm.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials