Security News > 2011 > March > Comodo hacker claims another certificate authority

Comodo hacker claims another certificate authority
2011-03-31 06:10

http://www.computerworld.com/s/article/9215360/Comodo_hacker_claims_another_certificate_authority By Robert McMillan IDG News Service March 30, 2011 The hacker who claimed credit for breaking into systems belonging to digital certificate vendor Comodo said he has compromised another certificate authority, along with two more Comodo partners, a move that could further undermine trust in the system used to secure websites on the Internet. In an e-mail interview Tuesday the hacker, who calls himself "Ich Sun," said he'd breached security at another certificate authority, but declined to provide details on the incident or any proof that he'd managed to pull off another attack. "Talking about second CA have no use for me, except giving away my work and corrupting it, sorry," he said in the broken English he's used in all public communications. He may have succeeded by breaking into a Comodo partner who was also able to create digital certificates through another certificate authority (CA). Over the past weekend, Ich Sun tried to compromise two other Comodo partners, one of whom also partnered with a different certificate authority according to Comodo CEO Melih Abdulhayoglu. Neither of the attacks was successful against the Comodo system, thanks to newly introduced security measures, but Abdulhayoglu does not know whether the second CA was compromised, he said. Certificate authorities like Comodo issue the trusted digital certificates used by SSL (Secure Sockets Layer) encryption to prove that a particular computer on the Internet is what it claims to be: that the computer you visit when you type Google.com actually belongs to Google, for example. Browsers use these digital certificates when they're connecting to secure Web pages, but they're also used to secure Internet mail and virtual private networks. CAs often work with partners, called registration authorities, who charge to confirm the identity of the company and then use the CA's system to generate a cryptographic signature for the company in question. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/


News URL

http://www.computerworld.com/s/article/9215360/Comodo_hacker_claims_another_certificate_authority

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Comodo 10 5 25 15 5 50