23rd March 2011, 10:30 PM #1
Comodo SSL compromised, fake certificates issued, updates rushed to WSUS, et al.
'Iranian' attackers forge Google's Gmail credentials - The Register
Note: Comodo are a root certification authority that is trusted by default in all major browsers, so even if you don't use Comodo products yourself, your browser is vulnerable until updated.
Extremely sophisticated hackers, possibly from the Iranian government or another state-sponsored actor, broke into the servers of a web authentication authority and counterfeited certificates for Google mail and six other sensitive addresses, the CEO of Comodo said.
Updates that block the fake certificates were quietly snuck into Firefox 4 just before the release, Chrome included the update in 10.0.648.151, and an update for IE has been rushed to Windows Update today, and is already in WSUS.
Certificates were issued for the following names:
- login.yahoo.com (3 certificates)
- "Global Trustee"
So, you know, nothing important or anything... :S
Last edited by AngryTechnician; 23rd March 2011 at 11:13 PM.
Reason: Updated to emphasise that you don't need to use Comodo products to be vulnerable
23rd March 2011, 10:41 PM #2
Wow, that's a serious problem. How on Earth did Comodo get hacked?! That's very worrying!
23rd March 2011, 11:08 PM #3
I don't use Comodo products, but I presume this is still an issue as they can fake certificates for different providers, i.e. Skype, Gmail etc.?
23rd March 2011, 11:09 PM #4
Tip: If you set an install deadline in WSUS that is in the past (say today at midday), machines will install the update as soon as they check in with WSUS, instead of waiting for their regular daily update time (which they might have missed and therefore have to wait another 24 hours). The update does not appear to require a reboot.
23rd March 2011, 11:12 PM #5
Comodo are a root certification authority that is trusted by all major browsers. You don't need to be a customer of any of their products to be vulnerable. I've updated the top post to note this.
Originally Posted by mac_shinobi
23rd March 2011, 11:42 PM #6
Cheers for the deadline tip, I've never really read into how the deadline thing works. I look forward to my WSUS server being hammered in the morning :P
24th March 2011, 12:11 AM #7
Ta for that... I've popped in on Logmein and sorted WSUS
24th March 2011, 12:29 AM #8
ah remote access :P both a blessing and a curse. Great for getting stuff done.. Bad because you do stuff outside of work hours!
*goes back to service packing servers *
24th March 2011, 12:45 AM #9
I wonder if/when safari will get plugged. Also I wonder if mobiles would be affected. I would expect so.
Cheers for the tip.
24th March 2011, 01:12 AM #10
I wonder if the people responsible for this attack were also the ones behind the Stuxnet rootkit which used a stolen digital certificate from Realtek?
The digital certificate belonging to Realtek Semiconductor that was used to sign a pair of drivers for the new Stuxnet rootkit has been revoked by VeriSign. The certificate was revoked Friday, several days after news broke about the existence of the new malware and the troubling existence of the signed drivers. (Source
24th March 2011, 10:01 AM #11
JUST BUMPING THIS for people that haven't seen!
24th March 2011, 09:36 PM #12
Another bump; plus if you use Safari you will want to read this article...
The security breach threw a monkey wrench in this process, by allowing hackers to essentially pretend that a site of their own creation was in fact Google, Yahoo, or Skype. Backed by the fraudulent certificates, these fake sites could be used to trick people into giving up all sorts of personal information.
Luckily, certificate authorities can revoke those digital certificates, rendering them useless to the would-be hackers, but it only works if your browser knows the certificates have been revoked. This process doesn't happen automatically in all browsers. Safari, in particular, relies on the built-in security management features of Mac OS X's Keychain Manager, and Keychain Manager's validation feature is off by default.
Fortunately, as Intego mentions in its blog post, it only takes a couple of clicks to make Safari safe from this potential vulnerability again. All you need to do is run Keychain Access (found in your /Applications/Utilities folder, or by just typing its name into Spotlight) and then make sure that the various certificate-revocation protocols are enabled in the app's settings panel. Visit the link above for full instructions. However, it's worth noting that enabling these options can slow down your browsing process. (Source