SSL Cert Weaknesses Exposed By Comodo Breach

Posted by timothy on Thursday March 24, 2011 @10:18PM from the well-he-showed-me-his-badge dept.

snydeq writes "InfoWorld's Woody Leonhard delves deeper into the Comodo SSL scandal and finds the breach calls into question the integrity of the SSL certification process itself. 'While the press has focused on the sensational fact that Comodo's site was hacked from an Iranian IP address, we really should be asking three questions: How did somebody working with an Iranian IP address get a username and password from Comodo with enough clearance to create SSL certificates? Why did Comodo issue SSL certificates for google.com, live.com, yahoo.com, mozilla.org, and skype.com? Why are browser updates used to revoke SSL certificates?'"

1 of 194 comments (clear)

Min score:

Reason:

Sort:

Re:Thanks Comodo by thue · 2011-03-25 00:01 · Score: 5, Informative

The beauty of it is that even if you do not buy your certificate from Comodo, you are still just as vulnerable to false certificates in your name from Comodo (Or any other of the ~650 CAs).