  1. #1

    AngryTechnician

    Comodo SSL compromised, fake certificates issued, updates rushed to WSUS, et al.

    'Iranian' attackers forge Google's Gmail credentials - The Register

    Extremely sophisticated hackers, possibly from the Iranian government or another state-sponsored actor, broke into the servers of a web authentication authority and counterfeited certificates for Google mail and six other sensitive addresses, the CEO of Comodo said.
    Note: Comodo are a root certification authority that is trusted by default in all major browsers, so even if you don't use Comodo products yourself, your browser is vulnerable until updated.

    Updates that block the fake certificates were quietly snuck into Firefox 4 just before the release, Chrome included the update in 10.0.648.151, and an update for IE has been rushed to Windows Update today, and is already in WSUS.

    Certificates were issued for the following names:

    • login.live.com
    • mail.google.com
    • www.google.com
    • login.yahoo.com (3 certificates)
    • login.skype.com
    • addons.mozilla.org
    • "Global Trustee"


    So, you know, nothing important or anything... :S
    Last edited by AngryTechnician; 23rd March 2011 at 10:13 PM. Reason: Updated to emphasise that you don't need to use Comodo products to be vulnerable

  2. #2

    localzuk
    Wow, that's a serious problem. How on Earth did Comodo get hacked?! That's very worrying!

  3. #3

    mac_shinobi
    I don't use Comodo products but I presume this is still an issue as they can fake certificates for different providers, i.e. Skype, Gmail etc.?

  4. #4

    AngryTechnician
    Tip: If you set an install deadline in WSUS that is in the past (say today at midday), machines will install the update as soon as they check in with WSUS, instead of waiting for their regular daily update time (which they might have missed and therefore have to wait another 24 hours). The update does not appear to require a reboot.

  5. #5

    AngryTechnician
    Quote Originally Posted by mac_shinobi
    I don't use Comodo products but I presume this is still an issue as they can fake certificates for different providers, i.e. Skype, Gmail etc.?
    Comodo are a root certification authority that is trusted by all major browsers. You don't need to be a customer of any of their products to be vulnerable. I've updated the top post to note this.

  6. #6
    DrCheese
    Cheers for the deadline tip, I've never really read into how the deadline thing works. I look forward to my WSUS server being hammered in the morning :P

  7. #7

    elsiegee40
    Ta for that... I've popped in on Logmein and sorted WSUS

  8. #8
    DrCheese
    Ah, remote access :P Both a blessing and a curse. Great for getting stuff done... bad because you do stuff outside of work hours!
    *goes back to service packing servers *

  9. #9

    ZeroHour
    I wonder if/when Safari will get plugged. Also I wonder if mobiles would be affected. I would expect so.

    Cheers for the tip.

  10. #10

    I wonder if the people responsible for this attack were also the ones behind the Stuxnet rootkit which used a stolen digital certificate from Realtek?

    The digital certificate belonging to Realtek Semiconductor that was used to sign a pair of drivers for the new Stuxnet rootkit has been revoked by VeriSign. The certificate was revoked Friday, several days after news broke about the existence of the new malware and the troubling existence of the signed drivers. (Source)

  11. #11

    glennda
    JUST BUMPING THIS for people that haven't seen!

  12. #12

    Another bump; plus if you use Safari you will want to read this article...

    http://blog.intego.com/2011/03/24/pr...-certificates/

    The security breach threw a monkey wrench in this process, by allowing hackers to essentially pretend that a site of their own creation was in fact Google, Yahoo, or Skype. Backed by the fraudulent certificates, these fake sites could be used to trick people into giving up all sorts of personal information.

    Luckily, certificate authorities can revoke those digital certificates, rendering them useless to the would-be hackers, but it only works if your browser knows the certificates have been revoked. This process doesn't happen automatically in all browsers. Safari, in particular, relies on the built-in security management features of Mac OS X's Keychain Manager, and Keychain Manager's validation feature is off by default.

    Fortunately, as Intego mentions in its blog post, it only takes a couple of clicks to make Safari safe from this potential vulnerability again. All you need to do is run Keychain Access (found in your /Applications/Utilities folder, or by just typing its name into Spotlight) and then make sure that the various certificate-revocation protocols are enabled in the app's settings panel. Visit the link above for full instructions. However, it's worth noting that enabling these options can slow down your browsing process. (Source)
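The point in the quoted article (revocation only protects a client that actually checks it) and the first post's note that any browser trusting the Comodo root is exposed can be reproduced with a throwaway CA. This is an added example, not code from the thread, Intego or Comodo; it assumes the openssl command-line tool is installed, and the root CA name, file names and the certificate for mail.google.com (one of the names in the first post) are all constructed here.

```shell
#!/bin/sh
set -e

# Build the throwaway CA, the leaf certificate and the CRL inside directory $1.
build_constructed_pki() {
    mkdir -p "$1"
    (
        cd "$1"
        # Constructed root CA: stands in for a root that browsers trust by default.
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
            -subj "/CN=Constructed Test Root CA" -keyout ca.key -out ca.crt 2>/dev/null
        # Leaf certificate for one of the names listed in the first post.
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=mail.google.com" -keyout leaf.key -out leaf.csr 2>/dev/null
        openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
            -days 30 -sha256 -out leaf.crt 2>/dev/null
        # Minimal 'openssl ca' database so the CA can record the revocation and sign a CRL.
        : > index.txt
        echo 1000 > crlnumber
        cat > ca.cnf <<'EOF'
[ca]
default_ca = constructed_ca
[constructed_ca]
database         = index.txt
crlnumber        = crlnumber
certificate      = ca.crt
private_key      = ca.key
default_md       = sha256
default_crl_days = 30
EOF
        openssl ca -config ca.cnf -revoke leaf.crt 2>/dev/null
        openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
    )
}

# Verdict of a client that validates the chain but never checks revocation.
chain_only_verdict() {
    openssl verify -CAfile "$1/ca.crt" "$1/leaf.crt" >/dev/null 2>&1 && echo accepted || echo rejected
}

# Verdict of a client that also consults the CA's CRL before trusting the certificate.
crl_check_verdict() {
    openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" "$1/leaf.crt" \
        >/dev/null 2>&1 && echo accepted || echo rejected
}

work=$(mktemp -d)
build_constructed_pki "$work"
echo "chain validation only: $(chain_only_verdict "$work")"
echo "with CRL check:        $(crl_check_verdict "$work")"
```

Running it prints "accepted" for the chain-only check and "rejected" once the CRL is consulted: the revoked certificate is still cryptographically valid, so only a client that fetches and honours the revocation list learns it has been withdrawn.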
