Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

StartSSL, a web authentication authority, suspend services after a security breach

Published: 2011-06-21
Last Updated: 2011-06-21 06:14:17 UTC
by Chris Mohan (Version: 1)
1 comment(s)

An attack on web authentication authority StartSSL has lead to them suspending their services and stopped issuing any further certificates.

From the landing page of Startssl's web site [1] they offer this information:

Due to a security breach that occurred at the 15th of June, issuance of digital certificates and related services has been suspended.
Our services will remain offline until further notice.
Subscribers and holders of valid certificates are not affected in any form.
Visitors to web sites and other parties relying on valid certificates are not affected.
We apologize for the temporary inconvenience and thank you for your understanding

The Register web site has more information on the story [2]

[1] https://www.startssl.com/
[2] http://www.theregister.co.uk/2011/06/21/startssl_security_breach/

Chris Mohan --- Internet Storm Center Handler on Duty

1 comment(s)
Diary Archives