
Comodo Hacker Claims No Relation To Iranian Cyber Army!


The alleged hacker of Comodo stepped forward this weekend to explain how he generated bogus SSL certificates for login.skype.com, mail.google.com, login.live.com and other popular web sites.

His story is that he was able to compromise Comodo's partner GlobalTrust.it and InstantSSL.it. Both sites are currently "under construction."
He brags how he decided to take down the SSL root certificate organization and began by attacking the RSA algorithm, but when he found the vulnerabilities in these websites he decided on that approach.

On that point I would have to agree with him, as hacking the RSA algorithm seems a significantly more difficult challenge, but the text of his "manifesto" is so full of bravado it is hard to even read.

While he is Iranian, he claims no association with the "Iranian Cyber Army" and insists he is just a hacker with 1000 times the knowledge and experience of everyone else...
While investigating how he might compromise a Certificate Authority (CA) he stumbled upon InstantSSL.it and their use of a DLL on their site used to submit Certificate Signing Requests (CSRs) for immediate signing by the CA.

Upon disassembling this DLL, he discovered a plain text username and password used as part of the CSR submission process, allowing him to submit any CSR he wished to be signed by Comodo and immediately retrieve the signed certificate.

Initially it was unclear if this guy was for real, and of course it is still impossible to tell. He did post some of the source from TrustDLL.dll to pastebin, including the parts used for authentication that stored the unencrypted password.

Once again we come back to insecure passwords and password handling techniques. Fortunately the impact of this incident is quite small and may be a wake-up call for the certificate industry as a whole.

As Mozilla pointed out in a blog post, the practice of directly signing certificates with the root certificate, as Comodo had been doing, is really bad practice.

The one remaining mystery is this: If it was a lone hacker making a point, why issue certificates for these specific websites, all related to secure communication methods often used by dissidents to organize protests and share news with the world? His ramblings certainly show his support for Mahmoud Ahmadinejad and the current Iranian regime, but there are no conclusive ties to his government.