Comodo-gate hacker brags about forged certificate exploit

An Iranian hacker has stepped forward to claim responsibility for the SSL certificate hack against Comodo, providing an insight into how the high-profile hack might have been pulled off. The lock-picker – who claimed he had "1,000 times" the experience of any hacker or programmer – asserted that after compromising Comodo's …

COMMENTS

This topic is closed for new posts.

Please Stop

Adding 'gate' to any kind of scandal.

Thanks

The world

10
1
Anonymous Coward

Scandal Named in Scandal Naming Shocker

"Please stop adding 'gate' to any kind of scandal. Thanks," said the world in what commentators are already calling Gategate.

10
0

You what?

Stirring up trouble? - this is now Gategategate.

0
0

CA-Gate

http://www.devquotes.com/2011/03/27/comodohacker-response/#more-813

0
0

Let's not lose focus - Comodo was HACKED

Did you see how easy it was for the alleged hacker to get into their systems?

It's absurd how insecure Comodo is, yet everyone is talking about whether it is Iran or isn't.

The root problem in all of this is that Comodo has weak security and REFUSES to do anything about it.

This is nothing new for Comodo. They had incidents in 2008 & 2009.

Instead of spending time deflecting blame, why don't they try to clean their own house?

4
0

1000 times any other programmer!

The smell up close must be overpowering.

1
0

Labyrinth-like Basement

"The bog of eternal stench"

0
0

shouldn't be very hard to verify

If the guy's right it shouldn't be hard to verify the claim. A plaintext password left in a DLL is very likely to be available in caches. Also, the Comodo partner could simply own up.

0
0

Single hacker

Yet we were told that only a government could pull it off. Seems like this is becoming a standard excuse in the industry: We are but a poor commercial company, what can we do against the secret hacking units of governments... This could not be possibly due to our own incompetence!

4
0

.dll

What, they were running a server for automated issuing of SSL certificates on a Windows box??!? The Web deserves everything it's got coming.

0
2

This guy..

.. I can't take him.

He found some credentials in a dll file. Then he used them to "login" via an API.

THAT'S IT.. He hasn't made any superfast integer factorization algorithm, he hasn't cracked anything in the protocol used by Skype, etc. He just found some credentials in a dll file.

0
0