#1 AngryTechnician
    Comodo SSL compromised, fake certificates issued, updates rushed to WSUS, et al.

    'Iranian' attackers forge Google's Gmail credentials - The Register

    Extremely sophisticated hackers, possibly from the Iranian government or another state-sponsored actor, broke into the servers of a web authentication authority and counterfeited certificates for Google mail and six other sensitive addresses, the CEO of Comodo said.
    Note: Comodo are a root certification authority that is trusted by default in all major browsers, so even if you don't use Comodo products yourself, your browser is vulnerable until updated.

    Updates that block the fake certificates were quietly snuck into Firefox 4 just before the release, Chrome included the update in 10.0.648.151, and an update for IE has been rushed to Windows Update today, and is already in WSUS.

    Certificates were issued for the following names:

    • login.live.com
    • mail.google.com
    • www.google.com
    • login.yahoo.com (3 certificates)
    • login.skype.com
    • addons.mozilla.org
    • "Global Trustee"


    So, you know, nothing important or anything... :S
    Last edited by AngryTechnician; 23rd March 2011 at 11:13 PM. Reason: Updated to emphasise that you don't need to use Comodo products to be vulnerable
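Once the Windows update mentioned above has reached a client, a quick way to confirm it actually took effect is to look for the fraudulent certificates in the machine's Untrusted store, since that is where Windows places certificates it explicitly distrusts. The following PowerShell is an added example and not code from the thread or from Comodo or Microsoft; it assumes the update installs the certificates into Cert:\LocalMachine\Disallowed with the host names from the post as their subject CNs, and it only reads the store, changing nothing.

```powershell
# Added example (not from the thread): check that the fraudulent certificates named in
# the post are present in this client's Untrusted (Disallowed) certificate store.
# Assumption: the certificate update places them there with the host name as subject CN.
$ExpectedNames = @(
    'login.live.com', 'mail.google.com', 'www.google.com',
    'login.yahoo.com', 'login.skype.com', 'addons.mozilla.org', 'Global Trustee'
)

# Certificates Windows explicitly distrusts live under Cert:\LocalMachine\Disallowed.
$disallowed = Get-ChildItem -Path Cert:\LocalMachine\Disallowed

foreach ($name in $ExpectedNames) {
    # Match on the subject CN; login.yahoo.com is expected to return three entries.
    $hits = $disallowed | Where-Object { $_.Subject -like "*CN=$name*" }
    if ($hits) {
        foreach ($c in $hits) {
            '{0,-20} distrusted  serial={1}  thumbprint={2}' -f $name, $c.SerialNumber, $c.Thumbprint
        }
    } else {
        '{0,-20} NOT FOUND in Disallowed store: the update has not been applied here yet' -f $name
    }
}
```

Run it on a sample of clients after the WSUS deadline has passed; any name reported as NOT FOUND is a machine that still trusts the forged certificate and needs the update pushed again.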

#2 localzuk
    Wow, that's a serious problem. How on Earth did Comodo get hacked?! That's very worrying!

#3 mac_shinobi
    I don't use Comodo products, but I presume this is still an issue as they can fake certificates for different providers, i.e. Skype, Gmail etc.?

#4 AngryTechnician
    Tip: If you set an install deadline in WSUS that is in the past (say today at midday), machines will install the update as soon as they check in with WSUS, instead of waiting for their regular daily update time (which they might have missed and therefore have to wait another 24 hours). The update does not appear to require a reboot.
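The deadline trick above can be scripted against the WSUS administration API rather than clicked through the console. This PowerShell is an added example, not the thread's or Microsoft's own code; it assumes it is run on the WSUS server with the Microsoft.UpdateServices.Administration assembly available, and the KB number and target group name are placeholders you must replace for your site.

```powershell
# Added example (not from the thread): approve an update in WSUS with a deadline that is
# already in the past, so clients install it at their next check-in instead of waiting
# for their scheduled daily install window.
# Assumptions: runs on the WSUS server; $KbArticle and $GroupName are placeholders.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

$KbArticle = 'KB0000000'       # placeholder: KB number of the update you want to force out
$GroupName = 'All Computers'   # target group; narrow this for a staged rollout
$Deadline  = (Get-Date).Date.AddHours(12)   # today at midday, as the post suggests

$wsus  = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
$group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $GroupName }
if (-not $group) { throw "Target group '$GroupName' not found" }

# Find the update by its KB text; check the titles if more than one update matches.
$scope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$scope.TextIncludes = $KbArticle
$updates = $wsus.GetUpdates($scope)
if ($updates.Count -eq 0) { throw "No update matching $KbArticle has been synchronised yet" }

foreach ($u in $updates) {
    # Approve(action, group, deadline): because the deadline has already passed, clients
    # install as soon as they next report in to WSUS.
    $u.Approve([Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install, $group, $Deadline) | Out-Null

    # Read the approval back so the deadline that was actually recorded is visible.
    foreach ($a in $u.GetUpdateApprovals($group)) {
        "{0}  {1} for '{2}', deadline {3}" -f $u.Title, $a.Action, $group.Name, $a.Deadline
    }
}
```

Expect the WSUS server to take a burst of client check-ins shortly afterwards, as the later replies in the thread note; staging the approval through a smaller target group first spreads that load.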

#5 AngryTechnician
    Quote Originally Posted by mac_shinobi:
    I don't use Comodo products, but I presume this is still an issue as they can fake certificates for different providers, i.e. Skype, Gmail etc.?
    Comodo are a root certification authority that is trusted by all major browsers. You don't need to be a customer of any of their products to be vulnerable. I've updated the top post to note this.

#6 DrCheese
    Cheers for the deadline tip, I've never really read into how the deadline thing works. I look forward to my WSUS server being hammered in the morning :P

#7 elsiegee40
    Ta for that... I've popped in on Logmein and sorted WSUS

#8 DrCheese
    ah remote access :P both a blessing and a curse. Great for getting stuff done.. Bad because you do stuff outside of work hours!
    *goes back to service packing servers *

#9 ZeroHour
    I wonder if/when Safari will get plugged. Also I wonder if mobiles would be affected. I would expect so.

    Cheers for the tip.

#10
    I wonder if the people responsible for this attack were also the ones behind the Stuxnet rootkit which used a stolen digital certificate from Realtek?

    The digital certificate belonging to Realtek Semiconductor that was used to sign a pair of drivers for the new Stuxnet rootkit has been revoked by VeriSign. The certificate was revoked Friday, several days after news broke about the existence of the new malware and the troubling existence of the signed drivers. (Source)

#11 glennda
    JUST BUMPING THIS for people that haven't seen!

#12
    Another bump; plus if you use Safari you will want to read this article...

    http://blog.intego.com/2011/03/24/pr...-certificates/

    The security breach threw a monkey wrench in this process, by allowing hackers to essentially pretend that a site of their own creation was in fact Google, Yahoo, or Skype. Backed by the fraudulent certificates, these fake sites could be used to trick people into giving up all sorts of personal information.

    Luckily, certificate authorities can revoke those digital certificates, rendering them useless to the would-be hackers—but it only works if your browser knows the certificates have been revoked. This process doesn't happen automatically in all browsers. Safari, in particular, relies on the built-in security management features of Mac OS X's Keychain Manager—and Keychain Manager's validation feature is off by default.

    Fortunately, as Intego mentions in its blog post, it only takes a couple of clicks to make Safari safe from this potential vulnerability again. All you need to do is run Keychain Access (found in your /Applications/Utilities folder, or by just typing its name into Spotlight) and then make sure that the various certificate-revocation protocols are enabled in the app's settings panel. Visit the link above for full instructions. However, it's worth noting that enabling these options can slow down your browsing process. (Source)
