James_A Posted May 26, 2011

Well, it's all over the Internet by now (100,000+ hits in Google) but yet another Comodo subsidiary has been hacked and, once again, Comodo has egg all over its face. That's the fourth known instance of a Comodo subsidiary or reseller being hacked this year.

You might remember that the hack of the Italian subsidiary/reseller a couple of months ago caused Microsoft, Mozilla and Apple to issue emergency updates revoking the fraudulent SSL certificates that the hacker issued himself, for Google, Mozilla, Skype and Windows Live (actual domains were: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com).

This time it's the website of Comodo Brazil and the login details of its employees have been posted on the internet, together with customer details and information on their certificates.

Softpedia (see this link) reports as follows:

Hackers managed to compromise the website of Comodo Brazil and extracted sensitive information about the company's SSL certificate customers. It seems the attack vector used in this case was SQL injection. A partial database dump was posted on pastebin.com Saturday together with information about the vulnerability.

The compromised data includes certificate authority name, email, fax, phone number, order number, certificate request, private key file name and other details. Customer details like organization names, addresses, telephones, domain names, type of web servers, serial numbers and more, are also included.

There is also a list of what appears to be employee accounts, with @comdobr.com email addresses and hashed passwords. The password for an account called validacao@comodobr.com (validation@) is listed in plain text. The password was most likely posted like this intentionally by attackers, because all hashes appear to be unsalted MD5 and are trivial to crack.

No kidding, the effort needed to "crack" those password hashes is indeed minimal. In some cases you can just look them up, no "cracking" effort needed at all!

Comodo President and CEO Melih Abdulhayoglu is trying to brush off the matter, because no certificates were issued as a result of the breach, but the data posted on the internet is still sensitive whatever he says.
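Editorial example added to this page (not part of any poster's message, and not Comodo's or Softpedia's code): why unsalted MD5 password storage, as described in the post above, fails, shown beside a salted, iterated alternative. The user names, passwords, function names and the PBKDF2 iteration count are assumptions made up for illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed sample accounts (not taken from any leak); two users share a password.
USERS = {"alice": "Spring2011", "bob": "Spring2011", "carol": "x9!Lq#7pT"}
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def md5_unsalted(password):
    """Weak form: the same password always yields the same 32-hex digest."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_hash(password, salt=None):
    """Hardened form: random per-user salt plus a slow, iterated KDF."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), dk.hex())

def pbkdf2_verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

def looks_like_bare_md5(stored):
    """Audit check: a stored value that is exactly 32 hex characters."""
    return re.fullmatch(r"[0-9a-fA-F]{32}", stored) is not None

def shared_digests(table):
    """Groups of users whose stored values are identical (no salt in use)."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    legacy = {u: md5_unsalted(p) for u, p in USERS.items()}
    hardened = {u: pbkdf2_hash(p) for u, p in USERS.items()}
    print("identical legacy digests:", shared_digests(legacy))
    print("identical hardened values:", shared_digests(hardened))
    print("legacy rows flagged as bare MD5:",
          sorted(u for u, v in legacy.items() if looks_like_bare_md5(v)))
```

Because an unsalted digest depends only on the password, one precomputed table serves every account in every database; the per-user salt removes that reuse and the iteration count makes each guess expensive.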
Administrator Tarun Posted May 26, 2011

This is part of the reason why Lunarsoft no longer recommends Comodo at all. I mean, with all they've done, would you trust their security?
greenknight Posted May 27, 2011

What, this doesn't fill you with confidence in their security expertise? :devil:
Eldmannen Posted May 29, 2011

Well, hopefully their developers are better at security than their administrators.
James_A (Author) Posted May 29, 2011

Maybe, but then you could say that about HB Gary as well.