SSL Cert Weaknesses Exposed By Comodo Breach

snydeq writes "InfoWorld's Woody Leonhard delves deeper into the Comodo SSL scandal and finds the breach calls into question the integrity of the SSL certification process itself. 'While the press has focused on the sensational fact that Comodo's site was hacked from an Iranian IP address, we really should be asking three questions: How did somebody working with an Iranian IP address get a username and password from Comodo with enough clearance to create SSL certificates? Why did Comodo issue SSL certificates for google.com, live.com, yahoo.com, mozilla.org, and skype.com? Why are browser updates used to revoke SSL certificates?'"

There really is no proof the hackers are from Iran

All we have is Comodo claiming they were from Iran, and an IP address. But why should we trust them? If you ask me, Iran fits in a bit too well as the bad guys.

Re:Even more important

[TheRaven64]

How? I have an account, and I've clicked on the load all comments button in preferences, but I still only get 250 comments by default. Other complaints:

• It's still a fixed-width layout, so I have scroll bars unless I make my browser window wider (what is this, 1998?)
• In a recent update, some event handler when I reply to a comment in the page that opens when I jump to a specific comment (e.g. in a message) decides to jump me back to the top of the thread and makes the input text field lose focus