

20110315: Comodo issues 9 fraudulent certificates after a hack

Comodo was tricked into issuing 9 certificates for well-known websites (Google, Yahoo, Skype...) on March 15, 2011.

The attacker used the login and password of one of Comodo's Registration Authorities (RA). To this day we do not know how he obtained these credentials (theft? hacking?), but it was not a brute-force attack.

The certificates were quickly discovered and revoked by Comodo but, given the risk level, Comodo also contacted browser vendors so that they would integrate a certificate blacklist. This was done on March 23rd.

Comodo then released the information publicly by publishing these 2 articles:

It should never have happened! It happened because the authentication used to connect to the Comodo interface was weak, based on a login/password system.

If you manage users, you know it: they store their passwords any which way, they use words that are easy to guess or, worse, they use the same password everywhere.

This should prompt some reflection on weak authentication: imagine what a malicious person could do in your systems with a stolen password!

Here at TBS INTERNET, we are concerned: most of our customers choose weak authentication (username/password), even though they can choose between weak and strong authentication! We will soon introduce new measures to limit the risks.

Comodo took action too: weak authentication is going to be removed and a cryptographic token holding a certificate will be distributed to RAs. Moreover, a DCV (Domain Control Validation) challenge will be added to the certificate issuance process.

Results

  • Comodo's infrastructure has never been compromised. Comodo's roots are safe and remain functional.
  • Comodo is currently deploying strong authentication by certificate for its Registration Authorities
  • A DCV challenge is being deployed for all certificates (except for EV ones)
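
A minimal sketch of why the DCV challenge mentioned above limits what a stolen RA password can do, added here as an example; it is not Comodo's or TBS INTERNET's implementation. The `DcvGate` class, its methods, the TTL value and the `.example` domains are all hypothetical.

```python
import hmac
import secrets

CHALLENGE_TTL = 3600  # seconds a challenge stays valid (assumed value)


class DcvGate:
    """Hypothetical CA-side gate: an authenticated RA request alone never issues."""

    def __init__(self):
        self._pending = {}  # order_id -> (domain, token, expires_at)

    def open_order(self, ra_authenticated, domain, now):
        """The RA submits a request; the CA returns a token the domain must publish."""
        if not ra_authenticated:
            raise PermissionError("RA authentication failed")
        order_id, token = secrets.token_hex(8), secrets.token_urlsafe(32)
        self._pending[order_id] = (domain.lower(), token, now + CHALLENGE_TTL)
        return order_id, token

    def may_issue(self, order_id, fetch_from_domain, now):
        """True only if the CA itself reads the token back from the domain in time."""
        entry = self._pending.get(order_id)
        if entry is None:
            return False
        domain, token, expires_at = entry
        if now > expires_at:
            del self._pending[order_id]
            return False
        published = fetch_from_domain(domain)  # CA-side lookup (e.g. DNS or HTTP)
        if published is None or not hmac.compare_digest(published, token):
            return False  # order stays open so the real owner can retry
        del self._pending[order_id]  # single use: a validated order cannot be replayed
        return True


def demo():
    """Constructed scenario using reserved example domains."""
    gate, site_content = DcvGate(), {}  # site_content: what each domain publishes
    # Legitimate owner: controls shop.example, so can publish the token there.
    oid, tok = gate.open_order(True, "shop.example", now=0)
    site_content["shop.example"] = tok
    owner = gate.may_issue(oid, site_content.get, now=60)
    replay = gate.may_issue(oid, site_content.get, now=120)
    # Stolen RA password: the request is accepted, but nothing can be published
    # on login.example without controlling it, so the challenge is never met.
    oid2, _ = gate.open_order(True, "login.example", now=0)
    stolen = gate.may_issue(oid2, site_content.get, now=60)
    # Owner who answers too late: the challenge has expired.
    oid3, tok3 = gate.open_order(True, "late.example", now=0)
    site_content["late.example"] = tok3
    late = gate.may_issue(oid3, site_content.get, now=CHALLENGE_TTL + 1)
    return {"owner": owner, "replay": replay, "stolen_ra_password": stolen, "late": late}
```

Calling `demo()` shows that only the order whose token was published by the domain itself, within the validity window, is cleared for issuance.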