Another Potential CA Breach?
I first saw it mentioned on Twitter this morning, and now my requests to them are timing out, but it looks as if StartCom Ltd. *may* have suffered a security breach. The following message was on their site when I connected a short while ago:
> Maintenance
>
> Due to a security breach that occurred at the 15th of June, issuance of digital certificates and related services has been suspended. Our services will remain offline until further notice.
>
> Subscribers and holders of valid certificates are not affected in any form.
>
> Visitors to web sites and other parties relying on valid certificates are not affected.
>
> We apologize for the temporary inconvenience and thank you for your understanding.
I'm a little unclear about it still, so hopefully we'll have more information soon. The strange thing is that I was only seeing the maintenance page in Safari (and not in Firefox) and a buddy of mine wasn't seeing it at all.
More to be posted if I learn more.
*Update* - I'm seeing the maintenance page consistently but only with a browser. cURL doesn't display the maintenance text yet.
**Update** - I don't know how credible this one is. Nothing's being reported about it. Google's cache displayed the following message recently for the site (from June 16th):
***Update*** - Well, it seems legitimate. Here's the Internet Storm Center post noting the breach. Here's a Register article discussing it, too, which provides a little bit of additional information. My main concern with StartCom right now is that depending upon the value of the "ap" cookie that they're dropping when connecting to www.startssl.com, you either see a page mentioning the breach or you see their usual homepage.
****Update**** - More information from H-Online