Comodo Archives - Gregory D. Evans | World's No. 1 Security Consultant

Posts Tagged ‘Comodo’

Certificate Authority Comodo Releases Website Malware Scanning Tool SiteInspector

Comodo has launched its website malware scanning service SiteInspector

(WEB HOST INDUSTRY REVIEW) — Certificate authority and security provider Comodo released its malware scanning and blacklist monitoring solution for websites, SiteInspector, on Wednesday.

According to the press release, SiteInspector Pro (the paid version) will automatically scan three pages of a domain daily, and check that a website is not blacklisted. It will email users if a problem is detected, and will give threat mitigation advice if malware is found. The free version only allows scanning on one page at a time.

The name, and service, sound similar to existing malware scanning provider SiteLock. SiteInspector also has some features similar to those of Runa Capital-funded StopTheHacker.

Web hosts have been partnering with malware scanning providers recently to bolster their security offerings as clients are becoming increasingly aware of the threats malware pose to their websites, blogs and Facebook pages. In March, web hosting provider A Small Orange partnered with CodeGuard, and StopTheHacker.

“Any service that informs website owners that their site is infected is beneficial. Comodo’s SiteInspector seems similar to a number of other tools in the marketplace that can perform malware scanning,” CodeGuard CEO David Moeller says in an email to the WHIR.  “CodeGuard approaches website protection and malware identification and remediation in a fundamentally different way. Since we track all site changes, whether malware is injected with the intent to distribute it via a drive-by-download or a mass-meshing type attack, or black hat SEOs inject parasitic links or code to perform site redirecting, CodeGuard will inform the website owner. And then we provide a way for the website owner to quickly remediate the problem by rolling back to a prior clean version of their website. At this point, we can provide assistance to the customers to make sure their site is sufficiently hardened to prevent future attacks.”

In October 2011, certificate authority GeoTrust launched its anti-malware scanning service with a considerably less catchy name, “Web Site Anti-Malware Scan”.

Comodo’s new service and GeoTrust’s service seem to be after the same market, and their primary business is not anti-malware scanning, unlike StopTheHacker and SiteLock. A few of the most obvious differences are that GeoTrust delivers its service exclusively through channel partners, and its service automatically checks up to 50 web pages daily for malware strains, while Comodo’s service is delivered directly to customers (for now) and its scans are limited to three pages of one domain.

Comodo will offer SiteInspector for free directly to end-users through its website, and has built it into its browser, Comodo Dragon. With the Comodo Dragon integration, users can run a malware scan on the web page they are visiting by clicking on the SiteInspector icon at the top of the interface. Comodo CEO and chief architect Melih Abdulhayoglu says in an email to the WHIR that “SiteInspector will most definitely be pushed through the reseller channel as well very soon.”

“SiteInspector dramatically reduces the time between problem identification to problem resolution for business websites,” Abdulhayoglu said in a statement. “No longer will businesses have to wait for angry customers to complain that their website contains malicious content. To take advantage of this essential service, webmasters just need to take a few minutes to sign up and configure the service. SiteInspector will do the rest.”

The release of this new offering comes less than a month after Comodo launched its Consumer Advocacy campaign to give consumers and businesses educational information about taking the proper security measures to protect themselves from a range of threats, including malware.

Talk back: Is the accuracy of a malware scanning service important to you as a web hosting provider? Do you partner with any of the malware scanning providers currently? Which ones? Let us know your thoughts in a comment.

About Nicole Henderson

Nicole Henderson writes full-time for the Web Host Industry Review where she covers daily news and features online, as well as in print. She has a bachelor of journalism from Ryerson University in Toronto, and has been writing for the WHIR since September 2010. You can find her on Twitter @NicoleHenderson.


Article source: http://www.thewhir.com/web-hosting-news/certificate-authority-comodo-releases-website-malware-scanning-tool-siteinspector

View full post on National Cyber Security » Virus/Malware/Worms

Comodo Breaks Ground With Mobile App Enabling Small Business IT Staff to Manage Endpoint Security From Smartphones

JERSEY CITY, NJ – Comodo, a leading certificate authority and Internet security solutions provider, today broke new ground with the announcement of a mobile app that enables small business IT staff …

View full post on computer security alerts – Yahoo! News Search Results

Comodo Cleaning Essentials Identifies and Removes Malware and Unsafe Processes From Infected Computers

JERSEY CITY, NJ–(Marketwire -01/31/12)- Comodo (http://www.comodo.com/), one of the top certificate authorities and Internet security organizations, announced the release of Comodo® Cleaning Essentials, a set of powerful security tools designed to help users identify and remove malware and unsafe processes from infected Windows computers.

A portable application, Comodo Cleaning Essentials requires no installation and can be run directly from removable media such as a USB stick. This free, fast and easy-to-use software, which recently earned PC Magazine’s coveted Editor’s Choice, utilizes two core technologies — KillSwitch and Malware scanner.

KillSwitch is an advanced system monitoring tool that allows users to identify, monitor and stop potentially unsafe processes that are running on endpoint systems. Unique for a product of its type, KillSwitch uses Comodo’s whitelist database to isolate untrusted processes with an extremely high degree of accuracy — improving IT operational efficiency by reducing false positives and reducing the amount of time needed to troubleshoot an endpoint machine.

Malware Scanner is a fully featured malware scanner capable of unearthing and removing viruses, rootkits, hidden files and malicious registry keys hidden deep within a system. This highly configurable scanner uses the latest heuristic techniques to detect previously unknown viruses, features first-class malware removal capabilities and is capable of detecting hidden drivers and services loaded during system start-up.

Other Comodo Cleaning Essentials features include:

  • The ability to classify the threat level of all objects and processes currently loaded into memory and highlight those that are not trusted;
  • Extremely efficient malware removal routines that thoroughly disinfect virus stricken endpoints;
  • Integration with Comodo cloud scanning technology, delivering instant behavioral analysis of unknown processes;
  • A quick repair feature that allows fast restoration of important Windows settings;
  • Lightweight design that requires no installation and can be run right from a USB stick

The focus of Comodo Cleaning Essentials spotlights Comodo’s unique approach to Internet security, which is based on the fact that ridding an infected PC of malware is not the same as protecting a clean PC from potential threats. This distinction is explained in a Comodo video titled “Virus Protection vs. Virus Cleaning.”

“Many Internet security vendors claim their software both cleans and protects, but that is not the case, and Comodo is working to educate consumers about the dangers of this misconception,” said Melih Abdulhayoglu, Comodo’s CEO and chief security architect. “Just as vitamins are designed to prevent illness and antibiotics are designed to cure illness, the software that cleans an infected computer is not the best solution for protecting a computer — although other vendors will say otherwise. For this reason, we believe Comodo Cleaning Essentials is an indispensable tool that enables users to scan and remove viruses powered by a VB100 rated/ICSA Labs Certified COMODO Internet Security antivirus engine.”

While Comodo Cleaning Essentials is designed to clean an infected PC, other products such as Comodo Internet Security are specifically designed to protect a PC, using an auto sandbox technology — another Comodo differentiator. Other Internet security vendors promote the same “default-allow” technology that has left consumers vulnerable to e-threats — and later forces them to turn to the same providers that allow access to the infected files to clean up the problems. Comodo’s “default deny” approach not only stops obvious malware but also automatically sandboxes the unknown files until they’re determined to be “good or bad.”

This approach is spotlighted in Comodo’s video “The Good, the Bad and the Unknown.”

About Comodo
Comodo® is a leading Internet security company. With U.S. Headquarters in New Jersey and global resources in UK, China, India, Ukraine, and Romania, Comodo provides businesses and consumers worldwide with security services, including digital certificates, PCI scanning, desktop security, and remote PC support. Securing online transactions for more than 200,000 businesses, and with more than 35 million desktop security software installations, including an award-winning firewall and antivirus software, Comodo is Creating Trust Online®. To learn more, visit Comodo’s website: http://www.comodo.com/.

For more information, reporters and analysts may contact:
Liz O’Donnell
781-404-2442
lodonnell@topazpartners.com

Article source: http://finance.yahoo.com/news/comodo-cleaning-essentials-identifies-removes-152700640.html

Comodo Cleaning Essentials

A PC protected by a quality antivirus tool should be pretty darn safe. Even if a brand-new threat isn’t recognized, your security tool should keep it from actually doing harm. If the malware has already settled in, though, you have a problem. Active threats may well smack down any attempt to install or run security protection. That’s where Comodo Cleaning Essentials (free) comes in. It focuses on cleanup, not ongoing protection, and it does a very good job of clearing out active malware. Not only that, it’s free for personal or business use.

Portable Protection
You don’t have to worry about malware interfering with installation of Comodo Cleaning Essentials, because it doesn’t require installation. Just unzip its folder to the desktop and launch. Better yet, copy it to a USB drive and keep it in your pocket, in case a friend or colleague needs help with malware cleanup. That’s what I’ve done.

Norman Malware Cleaner 2.1 (Free, 3.5 stars) and Malwarebytes’ Anti-Malware Free 1.51 (Free, 4 stars) also focus strictly on cleanup. Norman doesn’t require installation. Malwarebytes does, but none of my malware samples balked its installer.

At the end of a scan by any of the Norton products there’s a link to click if you think some problems remain. This link leads to the Norton Power Eraser (Free, 4 stars) download page. You can also download the tool at will to clean up a persistent threat.

avast! Rescue Disc ($10/once direct, 3.5 stars) takes a different approach. To clean up a badly infested system you boot from the disc, without even launching the installed version of Windows. However, it’s a little harder to carry around a CD in your pocket.

The Cleanup Process
After you launch Comodo Cleaning Essentials, it displays a simple main window with three main options: smart scan, full scan, and custom scan. If you’re in a situation that needs this product’s help, I’d strongly advise the full scan. That’s what I did for testing.

There are just a handful of configuration settings, most of which you shouldn’t change. If you suspect the possibility of a now-uncommon Master Boot Record (MBR) virus, or if you just want a really thorough scan, you might consider turning on the MBR scanner.

At the beginning of a full scan, the product needs to reboot your system. That lets it launch ahead of any rootkit threats, making it tough for them to hide. Next it runs a full antivirus signature update. Remember, this product isn’t installed, so it hasn’t had a chance to sit around downloading updates in the background. After updating it performs a thorough scan.

When the scan finishes, it simply reports the number of threats found. You can click for details, if you wish, and even change the action for any or all found threats. By default, it cleans each threat, disinfecting infected files and deleting wholly malicious ones. You can set it to ignore specific files, or to report them to experts at Comodo.

Once the antivirus has finished its cleanup actions, it requests another reboot to confirm that everything’s now hunky-dory. Upon reboot it displays a list of all the threats and their Status, either OK or Failed.

On my standard clean test system, the whole process took just under an hour, about twice as long as the current average. You’ll normally whip out this tool to solve a serious problem, so the time spent fixing it isn’t as important as its success at killing off the active malware.

Article source: http://www.pcmag.com/article2/0,2817,2398834,00.asp?kc=PCRSS02129TX1K0000530

Comodo CEO accuses nation state of sponsoring SSL certificate attacks

An attack on a Dutch company that issues certificates used to authenticate websites was state-sponsored, according to the chief executive of Comodo, a company that also issues digital certificates and suffered a similar setback in March.

Asked to characterise the DigiNotar attack, president and chief executive of Comodo Melih Abdulhayoglu said, “We believe this is state-sponsored. It seems that they need these certificates, as we stated in March, they will not stop attacking.”

Evidence suggests Iran is the state behind the attacks. An analysis by Trend Micro of the rogue SSL certificates issued by the DigiNotar hackers led that security firm to conclude that the attack was “used to spy on Iranian Internet users on a large scale.”

“We found that Internet users in more than 40 different networks of ISPs and universities in Iran were met with rogue SSL certificates issued by DigiNotar,” it said. “Even worse, we found evidence that some Iranians who used software designed to circumvent traffic censorship and snooping were not protected against the massive man-in-the-middle attack.”

A man-in-the-middle attack is one where an attacker intercepts communication between two systems, such as between a user’s PC and the Gmail account they are accessing.

If Iran is behind the DigiNotar and Comodo attacks though, it seems intent on hiding the fact behind a single hacker with the handle Comodohacker. In a posting on Pastebin yesterday, Comodohacker bragged about stealing certificates from both Comodo and DigiNotar.

What’s more, the hacker said he has access to four more high profile certificate issuing authorities that he’ll use in future attacks.

Although keeping the names of the four high-profile certificate issuing authorities close to the vest, Comodohacker did mention two others, GlobalSign and StartCom CA, he claimed to have breached. When asked about those claims, GlobalSign said it was investigating the matter and StartCom said it detected the attack and foiled it before any fraudulent certificates could be issued.

As evidence that he was behind the DigiNotar attack, Comodohacker, who was silent for months before yesterday’s Pastebin posting, published the password he used to gain access to DigiNotar’s administrative functions.

A preliminary report released yesterday by Fox-IT, the security firm hired by DigiNotar to investigate the break-in, noted that in a script used in the attack “fingerprints from the hacker are left on purpose, which were also found in the Comodo breach investigation of March 2011.”

In his posting, the hacker said his attack on DigiNotar was in retaliation for Dutch and Serbian actions against Muslims 16 years ago. He also said he intended to hurt the finances of DigiNotar, which is owned by an American company, Vasco.

Vasco stock was selling at $13.44 a share on July 19 when DigiNotar discovered the breach. Today, it’s selling at $6.62 a share. However, over that period the stock market has been in a general decline, so the plummet of Vasco’s stock may have less to do with the DigiNotar attack than with universal market trends.

Comodo’s chief executive warned his competitors that they should protect their infrastructure.

“The days of wiretapping phone lines are gone, the days of reading emails or Facebook or intercepting Skype communication is here,” Abdulhayoglu declared. “The key to reading these communications are held by certification authorities. So that is why they have become the new target for states that have a need for intercepting communication.”

Article source: http://rss.feedsportal.com/c/270/f/3551/s/180ec94a/l/0Lnews0Btechworld0N0Csecurity0C330A18360Ccomodo0Eceo0Eaccuses0Enation0Estate0Eof0Esponsoring0Essl0Ecertificate0Eattacks0C0Dolo0Frss/story01.htm

Is Comodo Hacker Behind the DigiNotar Attack?

Known as the Comodo Hacker for breaking into the network of certificate authority Comodo and issuing fake certificates, the Iranian hacker identified himself as “Ichsun” and claimed to have struck back with another hacking operation in July, the DigiNotar breach.

In a message posted from a Pastebin account, the hacker justified his hacking of DigiNotar as vengeance for the failure of the Dutch military to protect Srebrenica in 1995, during the Bosnian War. The same account, however, was used in March to release details about the Comodo hacking, which confirmed that the identity of the miscreant is the same.

“When Dutch government, exchanged 8000 Muslim for 30 Dutch soldiers and Animal Serbian soldiers killed 8000 Muslims in same day, Dutch government have to pay for it, nothing is changed, just 16 years has been passed,” the hacker wrote.

Article source: http://www.ibtimes.com/articles/209623/20110907/comodo-comodo-hacker-diginotar-hacking-diginotar-google-mozilla-dutch-fake-certificates-iranian-hack.htm

Comodo hacker: I hacked DigiNotar too; other CAs breached

The hack of Dutch certificate authority DigiNotar already bore many similarities to the break-in earlier this year that occurred at a reseller for CA Comodo. Bogus certificates were issued for webmail systems, which were in turn used to intercept Web traffic in Iran. Another similarity has since emerged: the perpetrator of the earlier attacks is claiming responsibility for the DigiNotar break-in.

Calling himself ComodoHacker, the hacker claims that DigiNotar is not the only certificate authority he has broken into. He says that he has broken into GlobalSign, and four more CAs that he won’t name. He also claimed that at one time he had access to StartCom.

The statement did not provide any specific details about how the hack was performed, offering only a high-level description of some of the things he did: he found passwords, used 0-day exploits, penetrated firewalls, and bypassed the cryptographic hardware that DigiNotar was using, in order to gain remote access to machines. He said that a more detailed explanation would follow, when he had the time, and that it would serve as useful guidance for Anonymous and LulzSec. While lacking in detail, the hacker did include an Administrator-level username and password apparently used on DigiNotar’s network. DigiNotar has not confirmed the authenticity of this information.

As with the statements issued after the Comodo hack, the DigiNotar statement was clear about one thing: the sophistication of the hack and the great skill it took.

ComodoHacker also justified his attack on the Dutch certificate authority by blaming the Dutch for the murder of 8,000 Muslims at Serbian hands in Srebrenica; “It’s enough for Dutch government for now, to understand that 1 Muslim soldier worth 10000 Dutch government.”

Meanwhile, the fallout from the hack continues. DigiNotar has, in effect, lost its status as a trusted root certificate authority. Its certificates have been blacklisted by Microsoft, Google, Mozilla, and Apple.

This is having some significant consequences for Dutch Internet users. Certificates issued by DigiNotar are used by the Dutch government, forcing the government to warn that it can no longer ensure the integrity of secure connections to its own websites. The government is now overseeing DigiNotar’s operations as the certificate authority attempts to learn the full scope of the attacks. Since taking over, the government has issued a list of more than 500 fraudulent certificates issued by DigiNotar.

Among these are certificates for *.*.com and *.*.org, which would allow someone in possession of the certificates to perform man-in-the-middle attacks for almost any site with a .com or .org domain—a far wider problem than initially assumed. The Tor Project has also discovered some unusual text in one of the certificates. It contains a number of phrases written in Farsi, which translate as “great cracker,” “I will crack all encryption,” and “I hate/break your head.” This alludes to ComodoHacker’s statement about the Comodo hack, in which he claimed to be able to break strong encryption.

There’s also increasing evidence that the certificates were used widely within Iran. Trend Micro’s Smart Protection Network collects many kinds of data, including domain name lookups. Over the past few weeks, the number of Iranian systems looking up DigiNotar’s validation.diginotar.nl domain was far higher than normal, until it abruptly dropped on August 30th. This activity implies that large numbers of Iranian machines were performing revocation checks on the bogus DigiNotar certificates during July and August. The abrupt stop in turn implies that traffic to validation.diginotar.nl has now been blocked within Iran.

This suggests that the number of man-in-the-middle attacks performed against Iranians was substantial, and that the attacks occurred over many weeks, making secure communication insecure for all those within Iran. After the Comodo hack, ComodoHacker made clear that he was deliberately acting to thwart anti-government dissidents within Iran. In spite of his criticism of the Dutch, the true target remains the Iranian people.

The implications for the certificate authority system remain uncertain. Both the Comodo and DigiNotar hacks demonstrate the considerable, and well-known, problems with the current system: certificates from a trusted authority are accepted unconditionally, there are many such authorities, and their integrity cannot be assured. DigiNotar compounded the problems by being far from forthcoming about the nature and extent of the hack, a situation that has only improved since the Dutch government got involved. In contrast, Comodo was quick to notify browser vendors of the problem.

There are proposals such as DNSSEC, to make domain name information secure; CAA records, to allow DNS to denote that a domain should only accept certificates issued by particular certificate authorities; and DANE, to allow dissemination of certificates over DNS, that would go some way toward preventing similar attacks in the future. There are also systems that move away from absolutely trusted certificate authorities in favor of consensus-based trust. Such systems would both make it harder to perform man-in-the-middle attacks, and reduce the impact of certificate authority compromises. However, little action has been taken to make these systems a practical reality, as they require substantial changes to be made to the way DNS and certificates are issued and used.

A number of browser-based stopgap solutions are being devised to partially fill this gap. Certificate Patrol for Firefox provides alerts if a certificate has changed unexpectedly, which would reveal the use of fraudulent certificates. Convergence, also for Firefox, provides a kind of decentralized trust system instead of a fixed list of certificate authorities. Chrome’s HTTPS pinning feature means that Chrome will only accept certificates issued by certain certificate authorities when visiting Google domains. This provides a kind of Google-specific, Chrome-specific equivalent to the CAA DNS proposal.

While these browser-based systems can protect users, they don’t obviate the need for a more substantial overhaul of the entire certificate system. The DigiNotar hack demonstrates the need for change, but with considerable vested corporate interests in the current system—not to mention massive entrenchment—it could be a long time coming.

Article source: http://arstechnica.com/security/news/2011/09/comodo-hacker-i-hacked-diginotar-too-other-cas-breached.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

Comodo hacker claims credit for DigiNotar attack

The hacker responsible for a stunning attack on a Dutch company that issues security certificates for websites warned on Monday that he would “strike back again,” after previously breaching another company earlier this year.

The hacker posted the warning on Pastebin under the handle “Comodohacker.” The same account was used earlier this year to describe the attack on Comodo, which sells SSL (Secure Socket Layer) certificates, a crucial Internet security component used to secure encrypted communication between a computer and a website.

“Comodohacker,” who has given press interviews, has described himself as a 21-year-old Iranian student, although that information is not confirmed. It is also suspected he could be Turkish, working alongside others.

Comodohacker said on Monday on Pastebin that he breached DigiNotar, an issuer of SSL certificates, in order to punish the Dutch government for the actions of its soldiers in Srebrenica, where 8,000 Muslims were killed by Serbian forces in 1995 during the Bosnian War.

More than 500 fraudulent SSL certificates were issued by DigiNotar after its systems were breached. A report released on Monday by DigiNotar’s auditor, Fox-IT, found that more than 300,000 unique IP addresses may have accessed Google account information under the fraudulent certificate, potentially meaning the data exchanged with Google could have been intercepted.

Most of those IP addresses were located in Iran, which has raised questions about the connection between Comodohacker and perhaps the Iranian government, which closely monitors the Internet for anti-government dissent.

“That’s the mystery,” said Mikko Hypponen, chief research officer for the security vendor F-Secure. “How do we go from these rogue certificates to widescale interception of Iranian citizens?”

Hypponen said it is likely that the person claiming to be Comodohacker accomplished both the DigiNotar and Comodo hacks as claimed on Pastebin. The style of broken English is the same, and Comodohacker also apparently created certificates using Persian phrases he used during the Comodo hack, Hypponen said.

Comodohacker also wrote in his Pastebin note that he has gained access to four more “certificate authorities,” which are entities or companies like DigiNotar and Comodo that issue SSL certificates. He claimed to have access to GlobalSign, a widely used certificate authority.

Steve Roylance, GlobalSign’s business development director, said the company has started an investigation.

“There’s no concrete evidence of anything that has happened so far,” Roylance said. “We are taking this very seriously at the moment.”

Comodohacker also wrote on Monday that he had in the past hacked StartCom, another certificate authority, but indicated that the attack didn’t work.

StartCom’s chief operating officer and CTO, Eddy Nigg, said on Tuesday that his company detected the attack in June but was able to block it before Comodohacker could issue any fraudulent certificates.

Send news tips and comments to jeremy_kirk@idg.com

Article source: http://www.cio.com.au/article/399812/comodo_hacker_claims_credit_diginotar_attack/

Comodo hacker claims he compromised Diginotar and other CAs

THE IRANIAN HACKER who previously broke into the network of a reseller for the certificate authority (CA) Comodo and issued rogue certificates for high-profile domains, has claimed to be responsible for the July breach at Diginotar that had similar consequences.

In a message posted from a Pastebin account used in March to release details about the Comodo compromise, the hacker claimed the Diginotar attack was retribution for the Dutch military’s failure to protect Srebrenica during the Bosnian War.

“When Dutch government, exchanged 8000 Muslim for 30 Dutch soldiers and Animal Serbian soldiers killed 8000 Muslims in same day, Dutch government have to pay for it, nothing is changed, just 16 years has been passed,” the hacker wrote.

“Dutch government’s 13 million dollars which paid for DigiNotar will have to go DIRECTLY into trash, it’s what I can do from KMs away,” he added.

The hacker also claimed responsibility for the June cyber intrusion at Startcom CA, which resulted in the temporary suspension of certificate signing. The company’s CTO said at the time that hackers unsuccessfully tried to issue certificates for www.google.com, login.yahoo.com, login.skype.com, login.live.com and mail.google.com.

The Comodo hacker claimed that only luck saved Startcom CA from a fate similar to Diginotar’s. He also said that he has access to four more high-profile CAs that he will not name, except for Globalsign.

As far as the Diginotar hack goes, he claimed to have exploited many zero-day vulnerabilities to compromise the company’s system, as well as bypass its Ncipher NetHSM, its hardware keys and RSA certificate manager. He promised to return with more details later.

The Iranian hacker, who previously declared himself faithful to his country’s government and spiritual leader, warned that the most sophisticated hack of the year is yet to come and that more rogue certificates should be expected. As proof that he is behind the Diginotar breach, the hacker published the alleged password for the domain administrator account on the Dutch company’s network.

If all the hacker’s claims are true – and he is not known to have lied so far – then the public key infrastructure is in very bad shape and in dire need of an overhaul. Many security experts seem to endorse a technology proposed by the security researcher who uses the alias Moxie Marlinspike.

Called Convergence, this solution uses network perspective to validate certificates and can entirely replace the CA model. It allows browsers to check certificates they receive with the ones downloaded by third-party notary servers from the same domains. If there’s a mismatch, it means a man-in-the-middle attack is most likely in progress.
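The two browser-side checks described here and in the Ars Technica item above (Convergence-style notary comparison and Chrome-style CA pinning), modelled in miniature as an added example; this is not code from Convergence, Chrome or any article on this page. Certificates are reduced to constructed SHA-256 fingerprints and public-key hashes, notary fetches are replaced by inline reports, and all names and sample values are constructed for the example.

```python
"""Miniature model of two stopgaps against rogue CA-issued certificates:
Chrome-style public-key pinning and Convergence-style notary perspective.
All certificate material below is constructed sample data, not real DER."""
from __future__ import annotations

import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Cert:
    subject: str
    der: bytes    # constructed stand-in for the certificate's DER encoding
    spki: bytes   # constructed stand-in for its SubjectPublicKeyInfo

    @property
    def fingerprint(self) -> str:        # what a notary reports for a site
        return sha256_hex(self.der)

    @property
    def spki_hash(self) -> str:          # what a pin set is compared against
        return sha256_hex(self.spki)


# --- 1. Pinning: the chain must contain a pinned public key -----------------
def chain_satisfies_pins(chain: list[Cert], pinned_spki_hashes: set[str]) -> bool:
    """A chain passes only if some certificate in it (leaf or issuer) carries a
    pinned key. A chain that validates up to a trusted but unpinned root, e.g.
    one issued by a compromised CA, is rejected even though the trust store
    alone would have accepted it."""
    return any(cert.spki_hash in pinned_spki_hashes for cert in chain)


# --- 2. Notary perspective: compare our view with independent vantage points -
@dataclass(frozen=True)
class NotaryReport:
    notary: str
    fingerprint: Optional[str]   # None when the notary could not fetch the site


def notary_verdict(observed: str, reports: list[NotaryReport], quorum: int) -> str:
    """'trusted'      at least `quorum` notaries saw the same certificate we did
    'mitm-likely'  more notaries saw a different certificate than saw ours,
                   the signature of interception on the client's network path
    'undecided'    too few notaries answered to support either conclusion"""
    seen = Counter(r.fingerprint for r in reports if r.fingerprint is not None)
    agree = seen[observed]
    disagree = sum(n for fp, n in seen.items() if fp != observed)
    if agree >= quorum:
        return "trusted"
    if disagree > agree:
        return "mitm-likely"
    return "undecided"


# --- Constructed sample data (hypothetical names, not real certificates) -----
PINNED_CA = Cert("Example Pinned Root CA", b"der:pinned-root", b"spki:pinned-root")
LEGIT_LEAF = Cert("mail.example.com", b"der:legit-leaf", b"spki:legit-leaf")
ROGUE_CA = Cert("Compromised Example CA", b"der:rogue-ca", b"spki:rogue-ca")
ROGUE_LEAF = Cert("mail.example.com", b"der:rogue-leaf", b"spki:rogue-leaf")

LEGIT_CHAIN = [LEGIT_LEAF, PINNED_CA]
ROGUE_CHAIN = [ROGUE_LEAF, ROGUE_CA]   # same subject, unpinned issuer
PINNED_SPKI = {PINNED_CA.spki_hash}

# Three notaries reach the genuine site from outside the intercepted path;
# a fourth is unreachable and must not count either way.
REPORTS = [
    NotaryReport("notary-a", LEGIT_LEAF.fingerprint),
    NotaryReport("notary-b", LEGIT_LEAF.fingerprint),
    NotaryReport("notary-c", LEGIT_LEAF.fingerprint),
    NotaryReport("notary-d", None),
]

if __name__ == "__main__":
    for name, chain in (("genuine", LEGIT_CHAIN), ("rogue", ROGUE_CHAIN)):
        leaf = chain[0]
        print(f"{name:8} pins ok={chain_satisfies_pins(chain, PINNED_SPKI)!s:5} "
              f"notaries={notary_verdict(leaf.fingerprint, REPORTS, quorum=2)}")
```

Run stand-alone it prints one line per chain; the genuine chain passes both checks while the rogue chain fails pinning and is flagged by the notaries even though a browser trusting the compromised CA would have shown a padlock.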

The security community is waiting for Diginotar, or the Dutch government which now has control over the company, to confirm or deny the existence of the administrative credentials the hacker shared.

Article source: http://feeds.theinquirer.net/c/554/f/7127/s/18054d71/l/0L0Stheinquirer0Bnet0Cinquirer0Cnews0C210A68730Ccomodo0Ehacker0Eclaims0Ecompromised0Ediginotar0Ecas0DWT0Brss0If0F0GWT0Brss0Ia0FComodo0Khacker0Kclaims0Khe0Kcompromised0KDiginotar0Kand0Kother0KCAs/story01.htm
