Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phony Web Certs Issued For Google, Yahoo, Skype

Posted by samzenpus on Wednesday March 23, 2011 @08:23AM from the bad-apples dept.

Gunkerty Jeb writes "A major issuer of secure socket layer (SSL) certificates acknowledged on Wednesday that it had issued 9 fraudulent SSL certificates to seven Web domains, including those for Google.com, Yahoo.com and Skype.com following a security compromise at an affiliate firm. The attack originated from an IP address in Iran, according to a statement from Comodo Inc."

2 of 151 comments (clear)

Min score:

Reason:

Sort:

Firefox/IE patches released,Comodo incident report by Anonymous Coward · 2011-03-23 08:26 · Score: 5, Informative

Comodo’s advisory:
http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
Firefox released 3.6.16 yesterday:
http://www.mozilla.com/en-US/firefox/3.6.16/releasenotes/
Microsoft released an advisory and patch yesterday:
Advisory: http://www.microsoft.com/technet/security/advisory/2524375.mspx
Patch: http://support.microsoft.com/kb/2524375
Re:CRLs? by Anonymous Coward · 2011-03-23 08:41 · Score: 5, Informative

Are CRLs completely broken and unused?
Yes, they are.