An Iranian hacker has stepped forward to claim responsibility for the SSL certificate hack against Comodo, providing an insight into how the high-profile hack might have been pulled off. The lock-picker – who claimed he had "1,000 times" the experience of any hacker or programmer – asserted that after compromising Comodo's …
Adding 'gate' to any kind of scandal.
Scandal Named in Scandal Naming Shocker
"Please stop adding 'gate' to any kind of scandal. Thanks," said the world in what commentators are already calling Gategate.
Stirrng up trouble? - this is now Gategategate.
Let's not lose focuse - Comodo was HACKED
Did you see how easy it was for the alleged hacker to get into their systems?
It's absurd how insecure Comodo is, yet everyone is talking is it Iran or isn't it.
The root problem in all of this is that Comodo has weak security and REFUSES to do anything about it.
This is nothing new for Comodo. They had incidents in 2008 & 2009.
Instead of spending time deflecting blame, why don't they try to clean their own house.
1000 times any other programmer!
The smell up close must be overpowering.
"The bog of eternal stench"
shouldn't be very hard to verify
If the guy's right it shouldn't be hard to verify the claim. A plaintext password left in a DLL is very likely to be available in caches. Also, the Comodo partner could simply own up.
Yet we were told that only a government could pull it off. Seems like this is becoming a standard excuse in the industry: We are but a poor commercial company, what can we do against the secret hacking units of governments... This could not be possibly due to our own incompetence!
What, they were running a server for automated issuing of SSL certificates on a Windows box??!? The Web deserves everything it's got coming.
.. I can't take him.
He found some credentials in a dll file. The he used them to "login" via an API.
THATS IT.. He hasn't made any superfast integer factorization algorithm, he hasn't cracked anything in the protocol used by skype, etc. He just found some credentials in a dll file.