Comodo SSL certificates compromised

Whenever you visit a secure website (HTTPS) your browser verifies that the site is properly secured based on the site's certificate. If the site doesn't have a valid certificate, most browsers make it pretty clear that the site you are visiting cannot be verified as the site it claims to be. It all works pretty well to keep your browsing safe until someone with the authority to issue certificates is hacked.

Comodo admitted yesterday that on March 15, 2011 a Registration Authority (RA) in southern Europe was compromised and fraudulent certificates were created. The hacker somehow gained access to an administrative username and password, used it to create a user account of their own, and with that account issued SSL certificates for login.live.com, mail.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and "Global Trustee".

As soon as Comodo found out that the fraudulent certificates had been created, it revoked them. Comodo also said that only one of the certificates was ever seen being tested against its revocation service, and that check returned a revoked response; the site the hacker used for the test went offline immediately afterwards. The attack originated from an Iranian IP address, and the server used to test the certificate was also based in Iran. This led Comodo to draw the following conclusions:

The circumstantial evidence suggests that the attack originated in Iran. 
The perpetrator has focussed simply on the communication infrastructure (not the financial infrastructure as a typical cyber-criminal might). 
The perpetrator can only make use of these certificates if it had control of the DNS infrastructure.
The perpetrator has executed its attacks with clinical accuracy.
The Iranian government has recently attacked other encrypted methods of communication.
All of the above leads us to one conclusion only:- that this was likely to be a state-driven attack.

Fortunately, the certificates the hacker created are not useable on their own. A browser only ever sees them if its traffic for, say, mail.google.com is steered to a server the attacker controls, which means hijacking DNS for those domains or sitting in the network path between the victim and the real site (a position a national ISP already holds). The other caveat is that revocation only protects users whose browsers actually check it: browsers of this era treat a blocked or failed CRL/OCSP lookup as "not revoked", so an attacker who is already in the network path can simply drop that request. That is why browser vendors push updates that hard-code distrust of the specific certificates rather than relying on revocation alone.
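The trust decision described above (revocation in the paragraph about Comodo's response, and the question of when a rogue certificate is actually useable) can be modelled in a few lines. This is an added example, not code from Comodo or from any browser; it abstracts signature verification to "the issuer is a trust anchor" and concentrates on the hostname check, the revocation lookup with its soft-fail behaviour, and an explicit distrust list keyed by fingerprint. The certificate, serial number, dates and CA name are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Cert:
    """Minimal certificate model: only the fields the trust decision needs."""
    subject: str          # DNS name the certificate is issued for
    issuer: str           # name of the signing CA
    serial: int
    not_before: datetime
    not_after: datetime

    def fingerprint(self) -> str:
        # Stand-in for SHA-256 over the DER encoding; enough to key a distrust list.
        raw = (f"{self.subject}|{self.issuer}|{self.serial}|"
               f"{self.not_before.isoformat()}|{self.not_after.isoformat()}")
        return hashlib.sha256(raw.encode()).hexdigest()


class CrlUnavailable(Exception):
    """The client could not fetch the CRL (blocked, timed out, DNS failure)."""


def hostname_matches(cert: Cert, hostname: str) -> bool:
    """Exact match, or a single left-most wildcard label such as *.example.com."""
    name, host = cert.subject.lower(), hostname.lower()
    if name == host:
        return True
    if name.startswith("*."):
        # Wildcard covers exactly one label, never sub-sub-domains.
        return host.endswith(name[1:]) and host.count(".") == name.count(".")
    return False


def verify(cert, hostname, now, trust_anchors, fetch_crl,
           distrusted=frozenset(), hard_fail=False):
    """Return the decision a client reaches for `cert` presented for `hostname`."""
    if cert.fingerprint() in distrusted:
        return "distrusted"              # a shipped blacklist beats every other check
    if cert.issuer not in trust_anchors:
        return "untrusted-issuer"
    if not (cert.not_before <= now <= cert.not_after):
        return "expired"
    if not hostname_matches(cert, hostname):
        return "hostname-mismatch"       # the cert never cares which IP served it
    try:
        revoked_serials = fetch_crl(cert.issuer)
    except CrlUnavailable:
        # Soft fail: an unreachable CRL is treated as "not revoked" unless hard_fail.
        return "revocation-unavailable" if hard_fail else "ok"
    return "revoked" if cert.serial in revoked_serials else "ok"


# Constructed scenario modelled on the incident: a certificate for mail.google.com
# issued through a trusted CA to someone who does not control that domain.
NOW = datetime(2011, 3, 24, tzinfo=timezone.utc)
ROGUE = Cert(subject="mail.google.com", issuer="Comodo Root (hypothetical)", serial=0x1234,
             not_before=datetime(2011, 3, 15, tzinfo=timezone.utc),
             not_after=datetime(2012, 3, 15, tzinfo=timezone.utc))
TRUST_ANCHORS = frozenset({"Comodo Root (hypothetical)"})


def crl_empty(issuer):
    return set()                         # before the CA noticed anything


def crl_reachable(issuer):
    return {0x1234}                      # the CA has revoked the serial


def crl_blocked(issuer):
    raise CrlUnavailable(issuer)         # an attacker in the path drops the fetch


def scenario():
    host = "mail.google.com"
    return {
        "before_revocation":     verify(ROGUE, host, NOW, TRUST_ANCHORS, crl_empty),
        "after_revocation":      verify(ROGUE, host, NOW, TRUST_ANCHORS, crl_reachable),
        "crl_blocked_soft_fail": verify(ROGUE, host, NOW, TRUST_ANCHORS, crl_blocked),
        "crl_blocked_hard_fail": verify(ROGUE, host, NOW, TRUST_ANCHORS, crl_blocked, hard_fail=True),
        "browser_blacklist":     verify(ROGUE, host, NOW, TRUST_ANCHORS, crl_blocked,
                                        distrusted={ROGUE.fingerprint()}),
        "wrong_hostname":        verify(ROGUE, "login.live.com", NOW, TRUST_ANCHORS, crl_reachable),
    }


if __name__ == "__main__":
    for case, decision in scenario().items():
        print(f"{case:24s} -> {decision}")
```

The three middle cases are the ones that matter: the rogue certificate chains to a trusted root and is issued for the real hostname, so ordinary validation passes; revocation catches it only while the CRL is reachable; and an attacker who can already redirect the victim's traffic can block that lookup too, which a soft-failing client silently accepts. Only the fingerprint blacklist rejects it regardless of network conditions.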
