The investigation Comodo has mounted following the recent compromise of one of its Registration Authorities and the issuing of rogue certificates for popular sites has revealed that two additional RAs have been compromised but that no more bogus certificates have been issued.
According to Robin Alden, Comodo's Chief Technical Officer, those RAs had their privileges immediately withdrawn. He shared no further details about the initial compromise or these last two, but made sure to point out that Comodo's CA systems, hardware security modules and private key material have not been compromised in any way.
The message he posted on a discussion thread concerning the attack also contains an account of the measures that Comodo is currently undertaking to prevent this kind of compromise in the future.
"We are rolling out improved authentication for all RA accounts. We are implementing both IP address restriction and hardware based two-factor authentication. The rollout of two-factor tokens is in progress but will take another couple of weeks to complete. Until that process is complete Comodo will review 100% of all RA validation work before issuing any certificate," he explained.
He also mentioned that they have taken into consideration Mozilla's advice that they stop issuing certificates to the RAs that request them directly from their own root.
"We understand Mozilla's request that we move to having a separate sub_CA certificate per RA. Currently many of our end entity certificates are issued from RA-specific sub-CAs but some (like this incident) are not. As a short-term measure we will move towards issuing all certificates from sub-CAs," he clarified. "Initially some of these will be Comodo-branded and there will not be a 1:1 match between RAs and sub-CAs, but we think this will give Mozilla the flexibility they seek in this regard. In the slightly longer term we will move to a sub-CA per RA."
According to the latest message posted by the self-styled "Comodo Hacker", the information about two more RAs being compromised is correct. "From listed resellers of Comodo, I owned 3 of them, not only Italian one, but I interested more in Italian branch because they had too many codes, works, domains, (globaltrust, cybertech, instantssl, etc.) so I thought they are more tied with Comodo," he explains.
Whether he was actually behind the attacks is still being debated by the security community, but there is at least one researcher who believes the Comodo Hacker is telling the truth: Robert Graham from Errata Security says he verified the private key of the forged certificates and that it is valid.







