Yet another official reseller of SSL certificate authority Comodo has suffered a security breach that allowed attackers to gain unauthorized access to data. Brazil-based ComodoBR is at least the fourth Comodo partner to be compromised this year. In March, the servers of a separate registration authority were hacked by attackers …
SQL injection? Seriously?
Where are the security folk in these companies and what are they doing?
It's just pitiful that these companies are falling down one after another after another.
Comodo resellers cascading compromise?
Do they use some packaged webapp by Comodo that needs a bit of patching?
Also, xkcd's Exploits of a Mom, Gaius Baltar etc.
How can anyone, especially a security company, be vulnerable to SQL injections nowadays?
Anybody knows that to secure your application you can use stored procedures and disallow direct access to the data tables. Or at least use prepared statements.
There we go
Comodo has now been removed as a trusted root on the systems I manage.
Excuse me, where is scorn?
Where is all the vitriolic scorn that is directed at Sony every time there is an SQL injection attack on some tiny system of theirs these days? We can be scornful of a consumer entertainment conglomerate having a few security issues, but when a firm that is dedicated to internet security gets hacked through an SQL injection attack we talk about it as if it's small news?
Eh? Seems like if anyone deserves scorn after an attack, it's a company that specializes in Internet security.