Articles about comodo

handshake

Comodo CA acquired by Francisco Partners ...

Comodo's certificate business has a new owner, and not everybody's happy about it. That's because buyer Francisco Partners also counts among its investments companies like SonicWall, which produces SSL proxy boxes, and NSO Group, which produces government spyware, among other cyber-surveillance upstarts. Last time we heard, …

Comodo database glitch causes billing problems

Updated While the rest of the world had its eyes firmly on the WannaCrypt outbreak, digital certificate firm Comodo suffered an unrelated but protracted database problem that affected its billing systems. The Register learned of the issue from reader Ian Barber who came across the problem in the process of getting a new SSL …
John Leyden, 19 May 2017
Image: Seinfield. Credit: NBC.

Como–D'oh! Infosec duo exploits OCR flaw to nab a website's HTTPS cert

Two European security researchers exploited Comodo's crappy backend systems to obtain a HTTPS certificate for a domain they do not own. That cert could be used to impersonate the website, allowing passwords and other sensitive information to be swiped from victims in man-in-the-middle attacks. The infosec bods, Florian Heinz …
Shaun Nichols, 21 Oct 2016

Let's Encrypt in trademark drama

The group behind the Let's Encrypt certificate authority (CA) says that its name could be in doubt thanks to rival CA Comodo Group. The Internet Security Research Group (ISRG) says that it is currently locked in a conflict with Comodo, who it claims is trying to trademark the "Let's Encrypt" name despite its previous filings …
Shaun Nichols, 23 Jun 2016
fail

Comodo's 'security' kit installed a lame VNC server on PCs on the sly

Google's Project Zero has found yet another blunder in Comodo's internet "security" software – a VNC server enabled by default with a predictable password. Earlier this month, Googler Tavis Ormandy pointed out that Comodo's custom web browser, dubbed Chromodo, was about as unsafe as a lace condom thanks to terrible security …
Iain Thomson, 18 Feb 2016

Comodo kills 'forbidden' certs

Certificate authority Comodo has revoked a bunch of certificates issued by mistake, which included reserved IP addresses and internal server names. In announcing its discovery to the Certificate Authority and Browser Forum's (CA/B) mailing list, here, the CA's senior R&D scientist Rob Stradling wrote there are other non-Comodo …

SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog

Updated The US Department of Homeland Security's cyber-cops have slapped down PrivDog, an SSL tampering tool backed by, er, SSL certificate flogger Comodo. Comodo, a global SSL authority, boasts a third of the HTTPS cert market, and is already in hot water for shipping PrivDog. What is PrivDog? Let's allow the US Computer Emergency …
John Leyden, 24 Feb 2015

Bank-raid ZeuS malware waltzes around web with 'valid app signature'

A variant of the bank-account-raiding ZeuS Trojan is masquerading as a legit Windows app using a valid digital signature – and packs a rootkit to burrow deep into victims' PCs. It appears miscreants have somehow gained access to the private signing key belonging to a Microsoft-registered third-party developer in Switzerland, …
John Leyden, 5 Apr 2014
The Register breaking news

Marlinspike asks browser vendors to back SSL-validator

Analysis Moxie Marlinspike is encouraging browser developers to support an experimental project to shake up the security of website authentication by moving beyond blind faith in secure sockets layer (SSL) credentials. The Convergence open-source project is designed to address at least some of the main shortcomings that underpin trust …
John Leyden, 8 Feb 2012
The Register breaking news

DigiNotar goes titsup: Disgraced certificate firm is sunk

Disgraced digital certificate firm DigiNotar has filed for bankruptcy in The Netherlands. Hackers broke into DigiNotar's systems in June before creating forged digital certificates in the names of Google and other high-profile targets. The forged Google.com SSL credentials were used to spy on 300,000 Iranian internet users, …
John Leyden, 20 Sep 2011
The Register breaking news

GlobalSign says 'isolated' webserver was hacked

Web authentication authority GlobalSign, which voluntarily suspended operations last week while it investigated claims its security was breached, said it has uncovered evidence that one of its servers has been compromised. "The breached web server has always been isolated from all other infrastructure and is used only to serve …
Dan Goodin, 12 Sep 2011
The Register breaking news

GlobalSign stops issuing SSL certs, probes hacker claims

GlobalSign has suspended the publication of SSL certificates as a precaution in the wake of unverified claims by a hacker linked to attacks on Comodo and DigiNotar. The self-named Comodohacker used pastebin in March to claim responsibility for hacks against Comodo that allowed the publication of bogus SSL certificates. The …
John Leyden, 7 Sep 2011
The Register breaking news

Inside 'Operation Black Tulip': DigiNotar hack analysed

The Google webmail of as many as 300,000 Iranians may have been intercepted using fraudulently issued security certificates made after a hack against Dutch certificate authority outfit DigiNotar, according to the preliminary findings of an official report into the megahack. Fox-IT, the security consultancy hired to examine the …
John Leyden, 6 Sep 2011
The Register breaking news

Claimed DigiNotar hacker: I have access to four more CAs

The digital miscreant known as ComodoHacker has claimed responsibility for the high-profile DigiNotar digital certificate authority hack. Soon after the Comodo forged certificates hack an Iranian using the handle Comodohacker posted a series of messages via Pastebin account providing evidence that he carried out the attack. …
John Leyden, 6 Sep 2011
The Register breaking news

New hack on Comodo reseller exposes private data

Yet another official reseller of SSL certificate authority Comodo has suffered a security breach that allowed attackers to gain unauthorized access to data. Brazil-based ComodoBR is at least the fourth Comodo partner to be compromised this year. In March, the servers of a separate registration authority were hacked by attackers …
Dan Goodin, 24 May 2011
The Register breaking news

Comodo admits 2 more resellers pwned in SSL cert hack

Comodo has admitted a further two registration authorities tied to the digital certificates firm were hit by a high-profile forged digital certificate attack earlier this month. No forged certificates were issued as a result of the assault on victims two and three of the attack, but confirmation that multiple resellers in the …
John Leyden, 30 Mar 2011
The Register breaking news

Comodo-gate hacker brags about forged certificate exploit

An Iranian hacker has stepped forward to claim responsibility for the SSL certificate hack against Comodo, providing an insight into how the high-profile hack might have been pulled off. The lock-picker – who claimed he had "1,000 times" the experience of any hacker or programmer – asserted that after compromising Comodo's …
John Leyden, 28 Mar 2011
The Register breaking news

'Iranian' attackers forge Google's Gmail credentials

Extremely sophisticated hackers, possibly from the Iranian government or another state-sponsored actor, broke into the servers of a web authentication authority and counterfeited certificates for Google mail and six other sensitive addresses, the CEO of Comodo said. The March 15 intrusion came from IP addresses belonging to an …
Dan Goodin, 23 Mar 2011

Create a news alert about comodo, or find more stories about comodo.

Biting the hand that feeds IT © 1998–2017