Updated While the rest of the world had its eyes firmly on the WannaCrypt outbreak, digital certificate firm Comodo suffered an unrelated but protracted database problem that affected its billing systems. The Register learned of the issue from reader Ian Barber who came across the problem in the process of getting a new SSL …

Two European security researchers exploited Comodo's crappy backend systems to obtain a HTTPS certificate for a domain they do not own. That cert could be used to impersonate the website, allowing passwords and other sensitive information to be swiped from victims in man-in-the-middle attacks. The infosec bods, Florian Heinz …

The group behind the Let's Encrypt certificate authority (CA) says that its name could be in doubt thanks to rival CA Comodo Group. The Internet Security Research Group (ISRG) says that it is currently locked in a conflict with Comodo, who it claims is trying to trademark the "Let's Encrypt" name despite its previous filings …

Google's Project Zero has found yet another blunder in Comodo's internet "security" software – a VNC server enabled by default with a predictable password. Earlier this month, Googler Tavis Ormandy pointed out that Comodo's custom web browser, dubbed Chromodo, was about as unsafe as a lace condom thanks to terrible security …

Certificate authority Comodo has revoked a bunch of certificates issued by mistake, which included reserved IP addresses and internal server names. In announcing its discovery to the Certificate Authority and Browser Forum's (CA/B) mailing list, here, the CA's senior R&D scientist Rob Stradling wrote there are other non-Comodo …

Updated The US Department of Homeland Security's cyber-cops have slapped down PrivDog, an SSL tampering tool backed by, er, SSL certificate flogger Comodo. Comodo, a global SSL authority, boasts a third of the HTTPS cert market, and is already in hot water for shipping PrivDog. What is PrivDog? Let's allow the US Computer Emergency …

A variant of the bank-account-raiding ZeuS Trojan is masquerading as a legit Windows app using a valid digital signature – and packs a rootkit to burrow deep into victims' PCs. It appears miscreants have somehow gained access to the private signing key belonging to a Microsoft-registered third-party developer in Switzerland, …

Analysis Moxie Marlinspike is encouraging browser developers to support an experimental project to shake up the security of website authentication by moving beyond blind faith in secure sockets layer (SSL) credentials. The Convergence open-source project is designed to address at least some of the main shortcomings that underpin trust …

Disgraced digital certificate firm DigiNotar has filed for bankruptcy in The Netherlands. Hackers broke into DigiNotar's systems in June before creating forged digital certificates in the names of Google and other high-profile targets. The forged Google.com SSL credentials were used to spy on 300,000 Iranian internet users, …

Web authentication authority GlobalSign, which voluntarily suspended operations last week while it investigated claims its security was breached, said it has uncovered evidence that one of its servers has been compromised. "The breached web server has always been isolated from all other infrastructure and is used only to serve …

GlobalSign has suspended the publication of SSL certificates as a precaution in the wake of unverified claims by a hacker linked to attacks on Comodo and DigiNotar. The self-named Comodohacker used pastebin in March to claim responsibility for hacks against Comodo that allowed the publication of bogus SSL certificates. The …

The Google webmail of as many as 300,000 Iranians may have been intercepted using fraudulently issued security certificates made after a hack against Dutch certificate authority outfit DigiNotar, according to the preliminary findings of an official report into the megahack. Fox-IT, the security consultancy hired to examine the …

The digital miscreant known as ComodoHacker has claimed responsibility for the high-profile DigiNotar digital certificate authority hack. Soon after the Comodo forged certificates hack an Iranian using the handle Comodohacker posted a series of messages via Pastebin account providing evidence that he carried out the attack. …

Yet another official reseller of SSL certificate authority Comodo has suffered a security breach that allowed attackers to gain unauthorized access to data. Brazil-based ComodoBR is at least the fourth Comodo partner to be compromised this year. In March, the servers of a separate registration authority were hacked by attackers …

Comodo has admitted a further two registration authorities tied to the digital certificates firm were hit by a high-profile forged digital certificate attack earlier this month. No forged certificates were issued as a result of the assault on victims two and three of the attack, but confirmation that multiple resellers in the …

An Iranian hacker has stepped forward to claim responsibility for the SSL certificate hack against Comodo, providing an insight into how the high-profile hack might have been pulled off. The lock-picker – who claimed he had "1,000 times" the experience of any hacker or programmer – asserted that after compromising Comodo's …

Extremely sophisticated hackers, possibly from the Iranian government or another state-sponsored actor, broke into the servers of a web authentication authority and counterfeited certificates for Google mail and six other sensitive addresses, the CEO of Comodo said. The March 15 intrusion came from IP addresses belonging to an …

Security researchers have uncovered weaknesses in low-assurance digital certificates that create a means for miscreants to mount more convincing man-in-the-middle (MITM) attacks. MITMs involve a hacker planting himself between two parties in a dialogue, relaying messages between them and effectively controlling the …