[SSL Observatory] comodo incident report

Steve Schultze sjs at princeton.edu
Wed Mar 23 17:56:56 PDT 2011


On Mar 23, 2011, at 4:23 PM, Jacob Appelbaum wrote:
> On 03/23/2011 12:18 PM, Hodges, Jeff wrote:
>> 
>> 
>>> Jacob Appelbaum
>>> Sent: Tuesday, March 22, 2011 10:17 PM
>>> 
>>> I wanted to start a thread about this blog post I just finished writing:
>>> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
>> 
>> Report of incident on 15-MAR-2011
>> http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
>> 
> 
> I've replied to their update here:
> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion#Update

BTW, PHB has a post here:
http://blogs.comodo.com/it-security/data-security/the-recent-ca-compromise/

Of note:
"An attacker obtained the username and password of a Comodo Trusted Partner in Southern Europe."
and
"A web survey revealed one of the certificates deployed on another IP address assigned to an Iranian ISP."

