Attack on Israeli Certificate Authority
For security reasons, the Israeli StartSSL Certificate Authority (CA) has temporarily suspended all its certification services. Apparently, attackers attempted to bypass the authority's security systems and intrude into its servers.
Talking to The H's associates at heise Security, StartSSL's CEO Eddy Nigg said that the attackers' goals were similar to those behind the intrusions into the reseller servers of StartSSL's competitor Comodo – to issue unauthorised SSL certificates (for already existing domains). However, the CEO said that the latest attacks were unsuccessful. The incident, which happened on 15 June, is still under investigation. According to StartSSL, the security of existing certificates is not affected.
The CA is part of StartCom and is one of the few authorities from which users can obtain free SSL certificates that are valid for a year. The root certificates are included in all modern browsers, but users may need to provide an intermediate certificate when using them on their own servers. The article "SSL for free - Setting up free certificates" demonstrates how to apply for a StartSSL certificate (once the site is back up and running) and how to install it, together with the intermediate certificate, on an Apache web server.