by certifiedbug on March 23, 2011
in Microsoft
Microsoft Security Advisory (2524375)
Published: March 23, 2011
Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.
These certificates affect the following Web properties:
• login.live.com
• mail.google.com
• www.google.com
• login.yahoo.com (3 certificates)
• login.skype.com
• addons.mozilla.org
• “Global Trustee”
Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used.
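As an added illustration (not part of the advisory or the original post), the following shell script shows the CRL mechanism described above using a throwaway CA built with the `openssl` command line: the same certificate validates until the CA revokes it and republishes its CRL. The CA name, the host name `login.example.test` and all file names are constructed test values.

```shell
# Constructed demo: the CA, keys and host name are throwaway test values.
set -eu

# Validate leaf.pem against ca.pem while consulting crl.pem.
check_leaf() {
  out=$(openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem leaf.pem 2>&1) && { echo ok; return; }
  case $out in *'certificate revoked'*) echo revoked ;; *) echo error ;; esac
}

# Body is a subshell, so the caller's working directory is left alone.
crl_demo() (
  work=$(mktemp -d); trap 'rm -rf "$work"' EXIT; cd "$work"
  mkdir ca; : > ca/index.txt; echo 01 > ca/serial
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo
[ demo ]
database = ./ca/index.txt
new_certs_dir = ./ca
serial = ./ca/serial
certificate = ./ca.pem
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
[ any ]
commonName = supplied
EOF
  openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout ca.key -out ca.pem -subj "/CN=Demo Test CA" -days 30 2>/dev/null
  openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout leaf.key \
    -out leaf.csr -subj "/CN=login.example.test" 2>/dev/null
  openssl ca -batch -config ca.cnf -in leaf.csr -out leaf.pem 2>/dev/null
  openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
  before=$(check_leaf)   # CRL exists but does not list the leaf yet
  openssl ca -config ca.cnf -revoke leaf.pem 2>/dev/null
  openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
  after=$(check_leaf)    # same certificate, refreshed CRL
  echo "before=$before after=$after"
)

crl_demo
```

Dropping `-crl_check` from the `openssl verify` call makes the revoked certificate validate again, which is why revocation only protects clients that actually fetch the CRL or query OCSP.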
“An update is available for all supported versions of Windows to help address this issue.”
http://www.microsoft.com/technet/security/advisory/2524375.mspx
http://blogs.comodo.com/it-security/data-security/the-recent-ca-compromise/
http://threatpost.com/en_us/blogs/phony-web-certificates-issued-google-yahoo-skype-others-032311
by certifiedbug on July 5, 2009
in Software
Comodo announcement
What’s New In 3.10.102194.530?
==============================
NEW! COMODO Secure DNS is introduced as a new free service
NEW! COMODO HopSurf Toolbar – COMODO SafeSurf Toolbar has been discontinued and superseded by COMODO HopSurf Toolbar
On-going topic at calendarofupdates.com
Mike Burgess response to Comodo’s CEO
I sent an email on 04-21-09 alerting Comodo and never received a reply … so why would I bother sending another when I find more of the same (Malware sites using Comodo certificates) … however after “going public” it sure didn’t take long for these certificates to be revoked. Imagine that … I got a reply today … “your email got buried” = buried? … if you notice I sent it to both the address I was given and “CC’d” to the person I dealt with previously …
Let me put a little perspective on this … “Conficker systems being updated with SpywareProtect2009”
Conficker is now believed to be the largest computer worm infection since the 2003 … and Comodo issued the certificate to “SpywareProtector-2009” … now you can’t tell me that this domain name isn’t a cause for concern? It gives me chills to think how many people were duped into purchasing this product.
Follow-up to the Comodo Controversy
http://certifiedbug.com/blog/tag/comodo/
5/26/09 The Tech Herald: Criminals using Comodo to attempt legitimacy
by certifiedbug on April 27, 2009
in Software