Comodo Certificates Issue

On March the 15th this year, Comodo Italy was the victim of an attack by a hacker who calls himself “Ich Sun”. During the attack he fraudulently issued a series of nine digital certificates.

Certificate authorities like Comodo issue the trusted digital certificates used by SSL encryption to prove that a particular computer on the Internet is what it claims to be (similar to the RSA fingerprint in an SSH connection). They are generally used by browsers when connecting to secure Web pages, but they’re also used to secure Internet mail and virtual private networks.

Ich Sun claims that he broke into Comodo Italy by using an SQL injection, in which he entered data into a web form that tricked the back-end database into running commands that should have been prohibited. He then took advantage of another flaw to get remote access to this system and was eventually in control of the servers used by two Comodo Italy websites: GlobalTrust.it and InstantSSL.it. He said he found a password hard-coded into a file on one of the systems that ultimately allowed him to issue the digital certificates.
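The SQL injection mechanism described above, reduced to a minimal case. This is an added example, not code from the original post or from Comodo's systems; the table, column names and form input are constructed for illustration, since the query involved in the incident is not given here.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not incident data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE resellers (username TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO resellers VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b")])
    return db

def lookup_vulnerable(db, username):
    # Weak form: the form field is pasted into the SQL text, so quote
    # characters in the input change the structure of the statement.
    query = "SELECT username FROM resellers WHERE username = '%s'" % username
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, username):
    # Hardened form: the statement text is fixed and the input is bound as a
    # value, so it is only ever compared against the column.
    query = "SELECT username FROM resellers WHERE username = ?"
    return [row[0] for row in db.execute(query, (username,))]

# Constructed form input that contains SQL syntax.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The concatenated query matches every row; the bound one matches none.
    print("vulnerable:   ", lookup_vulnerable(db, CRAFTED))
    print("parameterized:", lookup_parameterized(db, CRAFTED))
    print("normal input: ", lookup_parameterized(db, "alice"))
```

The same input that rewrites the concatenated query is treated as an ordinary (non-matching) username once it is bound as a parameter.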

Comodo Italy went public with details 2 days later and started collaborating with the FBI and the Italian police to catch Ich Sun. The malicious certificates were revoked and blacklisted, and the latest version of Firefox is able to detect whether a website is using one of these certificates.

Resources

http://www.computerworld.com/s/article/9215360/Comodo_hacker_claims_another_certificate_authority?taxonomyId=17&pageNumber=2

http://news.cnet.com/8301-31921_3-20050581-281.html

http://blog.mozilla.com/security/2011/03/25/comodo-certificate-issue-follow-up/


About Stefan Fodor
