Comodo CA acquired by Francisco Partners ...

... which also owns SonicWall and various spy upstarts


Comodo's certificate business has a new owner, and not everybody's happy about it.

That's because buyer Francisco Partners also counts among its investments companies like SonicWall, which produces SSL proxy boxes, and NSO Group, which produces government spyware, among other cyber-surveillance upstarts. Last time we heard, Francisco Partners was trying to flog Pegasus-developer NSO for about a billion bucks.

(At one point, Francisco Partners owned Blue Coat, another SSL proxy box shifter, but sold that to Symantec.)

The concern is that HTTPS certificate-issuing authorities, such as Comodo, are trusted by browsers: that's essential because website owners buy SSL/TLS certs from outfits like Comodo, and the browsers need to trust Comodo in order to verify whether or not a certificate used by an HTTPS website is legit.

If there is some kind of future collusion between Comodo and one of Francisco's spyware makers, such as the creation of trusted root certificates for SSL/TLS interception gear, then people with these surveillance devices on their network could have their encrypted web traffic silently snooped on. This kind of equipment is usually sold to enterprises to monitor staff, but it could potentially be used by governments and other organizations to spy on netizens.

As Liverpool, England-based security consultant Kevin Beaumont Tweeted:

Comodo has issued 91 million certificates to more than 200,000 customers worldwide and claims top spot in the CA market. However, its record operating its CA alongside other businesses wasn't spotless: in 2016, it was accused by Google of crafting a Chrome knockoff that undermined user security, repeating behaviour the US Department of Homeland Security criticised in 2015.

A certificate issuance blunder in November 2015 resulted in the company withdrawing incorrectly-issued certificates, and it lost a trademark stoush with popular free CA Let's Encrypt last year.

Francisco Partners has appointed former Entrust COO Bill Holtz as CEO of Comodo CA, and SonicWall CEO and president Bill Conner as chairman. Comodo founder Melih Abdulhayoglu remains as minority owner and board observer. ®

PS: There's always Let's Encrypt for free, trusted HTTPS certificates...
