On March the 15th this year, Comodo Itally was the victim of an attack from a hacker, who is calling itself “Ich Sun”. During the attack he fraudulently issued a series of nine digital certificates.
Certificate authorities like Comodo issue the trusted digital certificates used by SSL encryption to prove that a particular computer on the Internet is what it claims to be(similar to the RSA fingerprint in the SSH connection). They are generally used by browsers when they are connecting to secure Web pages, but they’re also used to secure Internet mail and virtual private networks.
Ich Sun claims that he broke into Comodo Italy by using an SQL injection after which he entered data into a web form that tricked the back-end database into running commands that should have been prohibited. He then took advantage of another flaw to get remote access to this system and was eventually in control of the servers used by two Comodo Italy websites: GlobalTrust.it and InstantSSL.it. He said he found a password hard-coded into a file on one of the systems that ultimately allowed him to issue the digital certificates.
Comodo Italy went public with details 2 days later and started collaborating with the FBI and Italian Police for caching Ich Sun. The malicious certificates were revoked and blacklisted and the latest version of Firefox is able to detect if a website is using one of this certificates.