Comodo RA Compromise

Published: 2011-03-23
Last Updated: 2011-03-23 18:11:20 UTC
by Johannes Ullrich (Version: 1)

Finally, Comodo spoke up to let us know more about the certificate issue we have been covering this morning, with Firefox and Microsoft releasing "certificate black list" updates. [1]

Comodo states that none of the keys and signing/intermediate CAs were compromised. Instead, systems at an affiliate were compromised to trick the affiliate into signing fraudulent certificates. The attacker obtained a username and password to log into the partner's systems, and was thus able to issue the fraudulent certificates.

According to Comodo, the breach was discovered quickly and they are pretty sure that the attacker only issued the now blacklisted certificates.



Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: comodo ssl