tomdchi Posted September 8, 2011 Share Posted September 8, 2011 FYI to any GlobalSign Resellers, Its possible they where hacked and since yesterday I have been unable to access their site and today no certs can be issued from within WHMCS or through the partner center (can't get to it). http://www.tgdaily.com/security-features/58339-globalsign-halts-security-certificates-after-second-hacking-claim What really ticks me off is that they did not send anything telling me they were going to do this. I happened to see the above in the news. 0 Quote Link to comment Share on other sites More sharing options...
Troy Posted September 9, 2011 Share Posted September 9, 2011 Yep it's quite annoying they didn't bother to let us know. We've had to fulfill some orders by other means today. 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Support Manager WHMCS John Posted September 9, 2011 WHMCS Support Manager Share Posted September 9, 2011 Just after we sent out our newsletter about it too. Typical 0 Quote Link to comment Share on other sites More sharing options...
easyhosting Posted September 12, 2011 Share Posted September 12, 2011 just has an email from globalsign on this issue Dear valued GlobalSign Customer, Please read the below update in regards to the reactivation of GlobalSign services. The investigation and high threat approach to returning services to normal continues and GlobalSign is working with a number of organisations to audit the process of reactivating issuance. We will be bringing system components back online today during a sequenced startup, but we do not foresee that customers will be able to process orders until Tuesday morning. We sincerely apologise for the extra delay. More updates will follow if the situation changes. For the latest information, please visit http://www.globalsign.eu/company/press/090611-security-response.html, or contact your account manager. We thank everyone again for your continued support during the reactivation process. Sincerely, The GlobalSign Team 0 Quote Link to comment Share on other sites More sharing options...
XN-Matt Posted September 13, 2011 Share Posted September 13, 2011 Systems should be online again today (Tuesday). Matt 0 Quote Link to comment Share on other sites More sharing options...
tomdchi Posted September 14, 2011 Author Share Posted September 14, 2011 I am so pissed at GlobalSign. They take their systems offline Tuesday the 6th and do not tell resellers about it. It is Friday the 9th before any email is sent to resellers. Now that they have found that only the web server hosting the site was hacked and nothing more. Then they said they would be going back online Monday. Monday then turned to Tuesday and now its supposed to be Thursday! I now have to issue refunds to those that are cancelling orders. What I don't get is why it required taking the systems offline in the first place to investigate a breach. What does that gain? 0 Quote Link to comment Share on other sites More sharing options...
easyhosting Posted September 14, 2011 Share Posted September 14, 2011 I am so pissed at GlobalSign. They take their systems offline Tuesday the 6th and do not tell resellers about it. It is Friday the 9th before any email is sent to resellers. Now that they have found that only the web server hosting the site was hacked and nothing more. Then they said they would be going back online Monday. Monday then turned to Tuesday and now its supposed to be Thursday! I now have to issue refunds to those that are cancelling orders. What I don't get is why it required taking the systems offline in the first place to investigate a breach. What does that gain? taking it offline means any hackers cannot gain further access etc. when they took it offline they did not know it was just their site server. i suppose you would have been happy if their whole system got hacked and the hackers gained your details and then attacked your server. i myself dont use Globalsign although i do have an account with them, but i use trustico and have the WHMCS mod from sparky 0 Quote Link to comment Share on other sites More sharing options...
tomdchi Posted September 15, 2011 Author Share Posted September 15, 2011 taking it offline means any hackers cannot gain further access etc. when they took it offline they did not know it was just their site server. i suppose you would have been happy if their whole system got hacked and the hackers gained your details and then attacked your server. i myself dont use Globalsign although i do have an account with them, but i use trustico and have the WHMCS mod from sparky No of course I wouldn't be happy if their whole system was hacked, kinda silly to say that. Your a webhost, would you take all your accounts offline just because a known hacker publicly stated that they had hacked all your user accounts?? I don't think you would. First you would scour corner of your servers to find evidence that the claim isn't BS. Now its possible that GlobalSign did that and found the web server breach then decided to take everything offline. But if thats true then they didn't tell the truth in the beginning. My biggest fear with the response from GlobalSign is that it will cause other hackers to copycat and make false claims in order to wreak havoc. 0 Quote Link to comment Share on other sites More sharing options...
XN-Matt Posted September 15, 2011 Share Posted September 15, 2011 Err, thats a crazy reply. So yes, lets leave our CA online, in hope that someon actually hasn't hacked us waiting for possibility that someone could be signing certs from the GlobalSign root. Are you insane, seriously? You do understand the possible consequence of that? *If* it did happen to any CA, there is a complete possibility of having to revoke your own signed root certificate meaning that any certificate issued from that, be it direct or chained would break. C'mon, use some common sense now. Just look at Diginotar! 0 Quote Link to comment Share on other sites More sharing options...
tomdchi Posted September 15, 2011 Author Share Posted September 15, 2011 (edited) Err, thats a crazy reply. So yes, lets leave our CA online, in hope that someon actually hasn't hacked us waiting for possibility that someone could be signing certs from the GlobalSign root. Are you insane, seriously? You do understand the possible consequence of that? *If* it did happen to any CA, there is a complete possibility of having to revoke your own signed root certificate meaning that any certificate issued from that, be it direct or chained would break. C'mon, use some common sense now. Just look at Diginotar! I don't think I said anything about leaving things alone. I don't get why it would be such a crazy insane thing to assess a claim before shutting down your entire operation. In this case, finding the breach in the web host server I think would be cause to then take everything down. But all of that is not what pissed me off in the first place. The fact they didn't notify resellers and then kept changing the day when it would be back up is. The GS root was never in danger since it is not kept online. Diginotar I hope is not even in the same ballpark as GlobalSign. I read the prelim report from Foxit. Diginotar could have been taken down by any second rate hacker. They even had all systems on the same windows domain - thats just plain stupid. http://nakedsecurity.sophos.com/2011/09/05/operation-black-tulip-fox-its-report-on-the-diginotar-breach/ Edited September 15, 2011 by tomdchi 0 Quote Link to comment Share on other sites More sharing options...
tomdchi Posted September 15, 2011 Author Share Posted September 15, 2011 GS is back up finally but WHMCS modules do not work. Apparently they are restricting API access by IP address but there is no place to put an IP in the control center on their site. 0 Quote Link to comment Share on other sites More sharing options...
easyhosting Posted September 15, 2011 Share Posted September 15, 2011 I don't think I said anything about leaving things alone. I don't get why it would be such a crazy insane thing to assess a claim before shutting down your entire operation. In this case, finding the breach in the web host server I think would be cause to then take everything down. But all of that is not what pissed me off in the first place. The fact they didn't notify resellers and then kept changing the day when it would be back up is. The GS root was never in danger since it is not kept online. Diginotar I hope is not even in the same ballpark as GlobalSign. I read the prelim report from Foxit. Diginotar could have been taken down by any second rate hacker. They even had all systems on the same windows domain - thats just plain stupid. http://nakedsecurity.sophos.com/2011/09/05/operation-black-tulip-fox-its-report-on-the-diginotar-breach/ ny the time they go through their LARGE aite and database etc, the hackers could access further and cause more damage, so the best option is to take everything offline so they can do a deep investigation without further compromises. yes they should have contacted all resellers at the time, but i think they would have been rather busy trying to sort out their own problems. i have a problem last year when a client was using my server as a mail relay ( not relised at first), but it puzzled me and even the techs at my VPS supplier, so iot was decided between the 2 of us to take the VPS offline until it could be traced and the problem sorted. it was 3 hrs before i had the time to inform my clients of this and why the server was down, so in globalsign situation they m ay not have had the time to inform clients straight away as these things hit big straight away and take your immediate time to try and sort out before the ultimate in taking servers down. so in all i think globalsign acted quickly to secure their network. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.