Anonymous hacker releases information on GlobalCerts employees

Online security is essential in some forms of business, and there are plenty of people out there eager to bypass your security and mess with your company. While Anonymous is still the big name in 'hacktivism', there are plenty more groups appearing.

Someone claiming to be working as part of Anonymous and AntiSec (Anti-Security, to give the full term) has hit GlobalCerts.net. Global Certs is used for secure email messaging and suchlike, so there probably is a goldmine of information nobody was ever meant to see.

Using the traditional method of 'doxing' people, information has been dumped online. The hacker goes by the name of 57UN and somehow, we get the impression GlobalCerts' security left a bit to be desired if one person was able to do what 57UN has.

The 'doxed' information's opening tries to justify or explain the attack. It reads as follows:

Company that should be protecting, got hacked and failed to protect.

The person responsible for the attack gives only their pseudonym, and a link to their Twitter account.

Formatting on the information leaked is pretty hard to follow, but you can get the gist of it even so. With all the names and information leaked, it has to be a concern for Global Certs. While the information only concerns their employees at present, the amount of other data that could have fallen into the hands of hackers could be even more damaging.

Source: Softpedia

Report a problem with article
Previous Story

No Windows 8 upgrade rebate offer from Lenovo

Next Story

Feature: Looking back at Neowin 10 years ago

7 Comments

Commenting is disabled on this article.

Children being children who just go to show that being skilled with computers has no bearing on one's capacity for logical thought.

If your goal is to expose security holes in systems paraded around as secure, you expose them. You don't punish the people relying on them. For this reason alone, I place more blame on hackers than on the businesses.

It frustrated me to no end that the hackers responsible for the Sony breach got almost ZERO ire from self-proclaimed tech savvy people, who reserved a vast majority of their rage to be aimed exclusively at Sony. People have their principles and priorities completely out of whack.

Ivan Vanko said,
If you can make God bleed, people will cease to believe in him.

I will never endorse these script kiddies but some times you have to hit companies where it hurts before they will believe you, some times public and brutal is the only was some of these big headed companies will listen.

And this is why your own self-signed certificate is much more secure than any that are signed by any companies

n_K said,
And this is why your own self-signed certificate is much more secure than any that are signed by any companies

If self-signed certs are soo much better then why is that practically everything written on cert-based security says DON'T USE self-signed certs?

SharpGreen said,

If self-signed certs are soo much better then why is that practically everything written on cert-based security says DON'T USE self-signed certs?
Because they want you to spend money on certificates?
On a more serious note, the only down side of self-signed certificates is that you have to get the CA certificate (and any other relevant intermediates) to the clients manually, so that they can verify who they're talking to, as well as encrypt stuff. The other arguable downside is that you are master of your own destiny when it comes to keeping your own private keys safe which, here, is an advantage as n_K pointed out!

SharpGreen said,

If self-signed certs are soo much better then why is that practically everything written on cert-based security says DON'T USE self-signed certs?

Because of the possibility of interception, i.e. how do you know the actual person/company made that certificate and not a hacker?
Other than that, self-signed certificates have no downsides and only upsides, you can even revoke certificates if you set your server up properly.

SharpGreen said,

If self-signed certs are soo much better then why is that practically everything written on cert-based security says DON'T USE self-signed certs?

Because as smooth_criminal1990 said self-signed certs are not trusted everywhere. Large companies like Verisign have their trusted root certificates included in all popular desktop/phone operating systems so any certificates issued by them are automatically trusted.
It's just as safe - if not safer as you can use a greater key length - to have your own certification authority. Furthermore in order for your certificates to be compromised you would have to be specifically attacked.