Subscribe:

Blog:
Videos:
Podcast:


PaulDotCom Español


Hack Naked TV


Hack Naked At Night


Stogie Geeks


Training:


Offensive Countermeasures: Defensive Techniques That Actually Work:


SANSFIRE 2012 (July 7-8)


Blackhat 2012 (July 21-22 & 23-24)


Sponsored By:


www.coresecurity.com


www.tenablesecurity.com



Follow Us On:


twitter.com/pauldotcom

PaulDotCom YouTube Channel


Visit PaulDotCom Insider


Comodo and Feeding Trolls

By
John Strand
on March 29, 2011 11:54 AM |
Short post today. I am currently in the middle of teaching SANS 504 in Orlando and I am quite stoked to learn that @CoryKennedy will be joining the class today. If you have not already, you should check out his blog here. However, I did want to mention the Comodo attack briefly. It turns out the attacker is modeling his hacking career after Charlie Sheen. Please see below:
PastedGraphic-1.tiff
Now, I know I am breaking a key rule of the Internet because I am feeding an obvious troll. But, dang... If that aint funny.
2troll.jpg
However, this is another attack that highlights just how bad things can get if an attacker gets a single SSL provider. In this attack it looks as though he compromised GlobalTrust.it and InstantSSL.it who were partners of Comodo. From there he was able to forge certificates for Skype, Yahoo, Google and Mozilla. You should go back and read that last line again... I'll wait. What does this mean to the industry as a whole? Well, it is once again showing there can be weaknesses in every security layer we implement. Once again, we need to look at our security architecture and look for any components where failure can lead to total failure of the architecture. As for trolls, don’t feed them...Unless it’s fun.

Categories: