Comodo RA Compromised

Comodo, one of the most famous security companies, had one of its RAs compromised. For those who are unfamiliar with PKI technology and not sure what an RA is, let me explain a little. RA stands for Registration Authority, the part of the PKI model that is responsible for issuing digital certificates.

What happened here was that, while the RA was compromised, the attacker used it to issue fraudulent SSL certificates. SSL stands for Secure Sockets Layer, and these certificates are mainly used by web servers to provide an ‘https’ environment. Issuing these fraudulent SSL certificates means that the attacker will attempt to use them to host malicious websites.

It was quickly stated that the root keys, the intermediate CA and the security hardware were not affected. Thus, the problem is limited to the issued certificates. Comodo has already revoked all the fraudulent certificates, so they should no longer be usable. Microsoft also released a patch to include the nine SSL certificates revoked by Comodo.

This happened because the username and password of one of the staff were stolen in the southern part of Europe. The attacker used this username and password to log in and issue certificates. When the breach was identified, the attacker was still using that username to log in, and may have been interested in going into other domains and doing the same thing.

It was rumored that the attacker's IP address was from Iran; however, this does not directly put the blame on Iran without further investigation. It is only suspected that the attacker was from there. They also added that the domains targeted “would be of greatest use to a government attempting surveillance of Internet use by dissident groups.”

About Alan Tay

I am a Software Engineer who works for a Security Firm in Malaysia. I spend most of my time gathering information about security so that I can blog about it here. Owner and founder of IT Security Column.

Comments

  1. Carol says:

    You seem to be an expert in this field. Great article and keep up the good work; my friend recommended this to me.

    My blog:
    credit conso et Rachat De Credit fonctionnaire

    • admin says:

      Hi Carol

      Thanks for the compliment. Unfortunately, I cannot follow your blog well as I am not good at French ;)
