Slashdot Mirror


Comodo Says Two More RAs Compromised

Trailrunner7 writes "Officials at Comodo have acknowledged that an additional two registration authorities affiliated with the company have been compromised in the wake of the high-profile attack on the company that was disclosed last week. Addressing a list of concerns about Comodo's practices raised by customers and browser vendors in the wake of the attack, Alden said that the company is now in the process of rolling out a new two-factor authentication system for its RAs. Comodo also is installing other security measures as a result of the attack."

3 of 144 comments

  1. Simple solution. by Timmmm · Score: 5, Interesting

    Store the certificates in DNS, and access them with DNSSEC.

    http://blog.fupps.com/2011/02/16/ssl-certificate-validation-and-dnssec/

  2. Fuck... by fuzzyfuzzyfungus · Score: 4, Insightful

    So is "rolling out a new two factor authentication system" code for "our last two-factor authentication system consisted of 'something you know', your username, and 'something you know', your password; because, despite the fact that we are a fucking CA, we just can't be bothered"?

    Other than inertia, is there any reason to give these guys a second chance, rather than just drop them from the default trusted CAs list and let the company sell itself for scrap? Generating SSL certs is technologically trivial, anybody can do it at home with commonly available free software. Essentially, the only purpose of a CA is to be competent and trustworthy about who they generate certs for. CAs aren't really software or technology companies, they are much closer to the position of escrow services or trust companies. Generating certs is just the minor 'paperwork'. Generating only the right certs for only the right people is the job. If they can't do that, they are worse than useless.

  3. Re:Removed by Anonymous Coward · Score: 4, Informative

    delete everything under Comodo

    And the next time Firefox is updated (which happens frequently) the Comodo certificates will be back.

    For each Comodo certificate you need to click on Edit and clear all the check boxes so the certificate won't be used for anything. This change survives updates. As I pointed out in a comment the other day (for which I received many flames), this user interface is completely inadequate for managing the hundreds of certificates that ship with Firefox.