
Comodo warns of serious SSL certificate breach

SearchSecurity.com Staff

Comodo Inc., an issuer of Secure Sockets Layer (SSL) certificates, warned customers Wednesday that it issued fraudulent certificates for seven Web domains, including those of search engine giants Google and Yahoo, after cybercriminals compromised one of its partners.

The Jersey City, New Jersey-based company issued a statement on its website explaining that it issued nine fraudulent SSL certificates March 15 following a compromise in which an attacker obtained the username and password of one of its registration authority partners in Southern Europe. The compromise was detected within hours and the certificates were revoked immediately, the company said.

"At no time were any Comodo root keys, intermediate CAs or secure hardware compromised," the firm said in a statement. "The compromise occurred at an affiliate authorized to perform primary validation of certificate requests."

A registration authority (RA) verifies requests for digital certificates and instructs the certificate authority (CA) to issue them. RAs are part of a public key infrastructure (PKI), the system of keys and certificates that lets parties exchange information and money securely. An attacker, operating from an IP address in Iran, used the stolen account credentials to authenticate fraudulently and obtain certificates impersonating several websites and domain servers, including an SSL certificate for the Mozilla Firefox add-on update server.

According to Brian Trzupek, Trustwave's vice president of managed identity and SSL, "obtaining a trusted certificate for a domain not under your control only represents a small portion of the attack. Once the attacker obtains the certificate, they will need to tamper with DNS to direct traffic to the fraudulent site with the fraudulent certificate."

In a statement issued by Trustwave, which is also in the business of issuing SSL certificates, Trzupek said that control of the Mozilla Firefox add-on update server could have allowed the attacker to inject arbitrary code into the Web browser in a trusted manner, enabling the attacker to upload malware onto a victim's machine without their knowledge.
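The RA/CA split described above, as an added example that is not from the article, Comodo or Trustwave: a constructed Python model in which an HMAC stands in for the CA's signature, showing why a certificate issued through a stolen RA credential verifies perfectly and is caught only by a revocation check (the key, account names, serial and domain are all constructed).

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed, deliberately simplified model of CA issuance through a registration
# authority (RA). An HMAC keyed with CA_SIGNING_KEY stands in for the CA's asymmetric
# signature; the RA never sees this key, mirroring the statement that the root keys
# and intermediate CAs were untouched.
CA_SIGNING_KEY = b"constructed-ca-signing-key"

# RA accounts authorised to approve domain validation (constructed sample data).
RA_ACCOUNTS = {"ra-partner-south-eu": "constructed-ra-password"}

@dataclass(frozen=True)
class Certificate:
    serial: int
    domain: str
    signature: bytes

def _ca_sign(serial: int, domain: str) -> bytes:
    return hmac.new(CA_SIGNING_KEY, f"{serial}|{domain}".encode(), hashlib.sha256).digest()

def issue_certificate(ra_user: str, ra_password: str, serial: int, domain: str) -> Certificate:
    """The CA signs whatever an authenticated RA approves; it sees only the RA
    credential, not who is holding it. Raises PermissionError on a bad RA login."""
    expected = RA_ACCOUNTS.get(ra_user)
    if expected is None or not hmac.compare_digest(expected, ra_password):
        raise PermissionError("RA authentication failed")
    return Certificate(serial, domain, _ca_sign(serial, domain))

def verify_certificate(cert: Certificate, revoked_serials: frozenset) -> tuple:
    """Client-side check: signature first, then revocation status. A certificate
    issued through a compromised RA passes the first test and is caught only by
    the second, so clients that skip revocation checks keep trusting it."""
    if not hmac.compare_digest(cert.signature, _ca_sign(cert.serial, cert.domain)):
        return False, "bad signature"
    if cert.serial in revoked_serials:
        return False, "revoked"
    return True, "trusted"

def demo() -> list:
    # Attacker holds the stolen RA username and password, not the CA key.
    fraudulent = issue_certificate("ra-partner-south-eu", "constructed-ra-password",
                                   serial=9001, domain="addons.example.invalid")
    before = verify_certificate(fraudulent, frozenset())          # (True, "trusted")
    # The CA revokes the serial within hours; only revocation-checking clients benefit.
    after = verify_certificate(fraudulent, frozenset({9001}))     # (False, "revoked")
    return [before, after]
```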
