James_A Posted May 26, 2011

Well, it's all over the Internet by now (100,000+ hits in Google) but yet another Comodo subsidiary has been hacked and, once again, Comodo has egg all over its face. That's the fourth known instance of a Comodo subsidiary or reseller being hacked this year.

You might remember that the hack of the Italian subsidiary/reseller a couple of months ago caused Microsoft, Mozilla and Apple to issue emergency updates revoking the fraudulent SSL certificates that the hacker issued himself, for Google, Mozilla, Skype and Windows Live (actual domains were: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com).

This time it's the website of Comodo Brazil and the login details of its employees have been posted on the internet, together with customer details and information on their certificates. Softpedia (see this link) reports as follows:

Hackers managed to compromise the website of Comodo Brazil and extracted sensitive information about the company's SSL certificate customers. It seems the attack vector used in this case was SQL injection. A partial database dump was posted on pastebin.com Saturday together with information about the vulnerability.

The compromised data includes certificate authority name, email, fax, phone number, order number, certificate request, private key file name and other details. Customer details like organization names, addresses, telephones, domain names, type of web servers, serial numbers and more, are also included.

There is also a list of what appears to be employee accounts, with @comdobr.com email addresses and hashed passwords. The password for an account called firstname.lastname@example.org (validation@) is listed in plain text. The password was most likely posted like this intentionally by attackers, because all hashes appear to be unsalted MD5 and are trivial to crack.

No kidding, the effort needed to "crack" those password hashes is indeed minimal. In some cases you can just look them up, no "cracking" effort needed at all!

Comodo President and CEO Melih Abdulhayoglu is trying to brush off the matter, because no certificates were issued as a result of the breach, but the data posted on the internet is still sensitive whatever he says.
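
Why unsalted MD5 digests can be "just looked up", shown as an added example that is not part of the original post or the Softpedia report: without a salt, equal passwords always store as equal digests, so a credential table can be audited for this weakness and migrated to a salted, slow hash. The accounts, passwords and function names below are constructed for illustration, and PBKDF2 is one common replacement chosen here as an assumption.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

MD5_HEX = re.compile(r"^[0-9a-f]{32}$", re.I)
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed policy value)

# Constructed sample rows (account, stored value); not data from the breach.
ROWS = [
    ("alice@example.test", hashlib.md5(b"Winter2011").hexdigest()),
    ("bob@example.test", hashlib.md5(b"Winter2011").hexdigest()),
    ("carol@example.test", hashlib.md5(b"s3parate!").hexdigest()),
]

def shared_md5_digests(rows):
    """Audit: group accounts whose stored value is a bare MD5 digest that
    another account also holds. Identical digests mean identical passwords,
    which is only visible because no per-user salt was mixed in."""
    groups = defaultdict(list)
    for account, stored in rows:
        if MD5_HEX.match(stored):
            groups[stored.lower()].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def hash_password(password):
    """Hardened storage: random 16-byte salt per user plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

if __name__ == "__main__":
    print("accounts sharing an unsalted digest:", shared_md5_digests(ROWS))
    first, second = hash_password("Winter2011"), hash_password("Winter2011")
    print("same password, salted records differ:", first != second)
    print("verification still works:", verify_password("Winter2011", first))
```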