You have commented 339 times on Rantburg.

Your Name
Your e-mail (optional)
Website (optional)
My Original Nic        Pic-a-Nic        Sorry. Comments have been closed on this article.
Bold Italic Underline Strike Bullet Blockquote Small Big Link Squish Foto Photo
Submit your comments on this article
Syria-Lebanon-Iran
Iran Fingered For Fraudulent Comodo SSL Certificates
2011-03-26
On Wednesday, digital certificate issuer Comodo released a security warning that its European affiliate had issued nine fraudulent SSL certificates. The certificates -- used by Web sites to confirm the identity of end users -- were issued without sufficient identity validation, and were apparently obtained by the government of Iran.

All certificates have been revoked by Comodo. They involve seven domains: Firefox extensions (addons.mozilla.org), Global Trustee, Gmail (mail.google.com), Google (www.google.com), Skype (login.skype.com), Windows Live including Hotmail (login.live.com), and Yahoo (login.yahoo.com -- 3 certificates).

What's the threat posed by real security certificates being issued to the wrong party? According to Microsoft, "these certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer."

Or to gather intelligence. "If you are a government and able to control Internet routing within your country, you can reroute all, say, Skype users to [a] fake https://login.skype.com and collect their usernames and passwords, regardless of the SSL encryption seemingly in place," said Mikko Hypponen, chief research officer at F-Secure, in a blog post."Or you can read their email when they go to Yahoo, Gmail, or Hotmail. Even most geeks wouldn't notice this was going on."

Who would try to obtain fraudulent certificates? Comodo says that circumstantial evidence points to a state-backed operation run by Iran, due to the speed and accuracy of the operation, as well as the focus. "The perpetrator has focused simply on the communication infrastructure -- not the financial infrastructure as a typical cyber-criminal might," according to Comodo's incident report.
Posted by:Crerenter Unairong2430

#1  Comodo says that circumstantial evidence points to a state-backed operation run by Iran, due to the speed and accuracy of the operation, as well as the focus.

Likely, but I can think of a few other nations as well.
Posted by: Pappy   2011-03-26 10:33  

00:00