Feeds

Claimed DigiNotar hacker: I have access to four more CAs

Iranian 'Comodohacker' says he can still issue bogus certs

Beginner's guide to SSL certificates

The digital miscreant known as ComodoHacker has claimed responsibility for the high-profile DigiNotar digital certificate authority hack.

Soon after the Comodo forged certificates hack an Iranian using the handle Comodohacker posted a series of messages via Pastebin account providing evidence that he carried out the attack. The account, which has been dormant since March, sprung back to life on Tuesday with claims that the individual or individuals behind it hacked DigiNotar as well, net security firm F-Secure reports.

The hacker boasted he still has access to four other (unnamed) "high-profile" CAs and retains the ability to issue new rogue certificates, including code signing certificates. The hacker (active on Twitter under the username ichsunx2) claimed that the domain administrator password of the DigiNotar network was Pr0d@dm1n.

Compromises against both Comodo affiliates and DigiNotar allowed hackers to generate bogus SSL certificates. The certificates create a means to mount convincing man-in-the-middle or phishing attacks. Evidence suggests that a rogue certificate issued in July under the name of Google as the result of the DigiNotar hack was used to spy on Iranian internet users.

The still-unfolding DigiNotar saga further underlines the fragility in the net's foundation of trust first highlighted by the Comodo hack. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.