DigiNotar hacker says he stole huge GlobalSign cache

An internet user with proven ties to the DigiNotar hack claims he stole email, customer data and other sensitive data from two competing web authentication authorities that will be released publicly soon. In a statement posted Thursday, an individual calling himself Comodohacker expanded on previous claims that he breached the …

COMMENTS

This topic is closed for new posts.
  1. Joe Montana
    Mushroom

    Startcom

    Startcom's website admitted a breach a few months ago, and their service was offline for some time as a result... Perhaps this was the same attack?

  2. Anonymous Coward
    FAIL

    Yes, of COURSE it must have been...

    ... sponsored by the Iranian government, then the CAs can say "We were not breached by one person with too much time on their hands because we are incompetent; we are under attack from a hostile state under sanctions from the UN!!1!1!oneone... Send in the bombers!"

    1. Tomato42
      Devil

      state sponsored

      It's state sponsored in the same way the Comodo breaches were: the IP provided by Comodo was involved with the breaches. Thing is, its user used a video how-to site to learn about MITM and downloaded sslsniff from Moxie Marlinspike's website, leaving an HTTP referrer...

      Remember, to a CEO, any computer user that knows WinKey+R opens Run dialog and "cmd" is the shell executable is "sophisticated".

      Whole CA business is a security theater, now we finally see that the gold is painted and mahogany is made from pine wood.

  3. Destroy All Monsters Silver badge
    Facepalm

    Another false flag operation, more like.

    > "a totally a state-sponsored attack on the PK infrastructure"

    > guy turns up, bragging about the exploits

    retard.jpg

    1. Tomato42
      Trollface

      Public education

      The guy was taught in public school, the school is sponsored by Iranian government, ergo the attack was sponsored by Iranian government. QED.

  4. Robert Carnegie Silver badge

    I think you mean,

    "claims Microsoft made Monday that fraudulently issued certificates for domains including *.microsoft.com and *.windowsupdate.com could *NOT* be used to hijack Microsoft's security update system."

    And I think Microsoft is right in that the certificate isn't enough, you also have to bend DNS or bend the network to make PCs communicate with your evil server instead of the real one.

    And I think it's still illegal to supply Microsoft Windows or other American software to Iran anyway, which logically would also include Windows updates. I've been expecting that that'd be the next law case against Linux, whose licence doesn't include that rule.

    1. Ru
      Facepalm

      "I've been expecting that that'd be the next law case against Linux"

      Lawsuit against whom? What makes so many people feel that 'Linux' is some kind of legal entity?

    2. Ken Hagan Gold badge

      Re: Microsoft is right

      If we believe Microsoft's claim that updates have to be signed by the Microsoft root CA, then even persuading clients to talk to your fraudulent server wouldn't be enough to hijack Windows Update.

      And this is a *very* plausible claim. In fact, I'd be quite shocked if it weren't true.

  5. Anonymous Coward
    IT Angle

    on state sponsored

    Remember, to a CEO, any computer user that knows WinKey+R opens Run dialog and "cmd" is the shell executable is "sophisticated".

    ***

    Really priceless quote.

    PKI has been hamstrung by the "good enough" approach long enough, as have been most parts of the Internet infrastructure. The mere mention of "you also have to bend DNS" immediately brought to mind the cache poisoning exploit discovered 3 years ago. In that case the most troubling quote I saw was from Kaminsky himself, when he said, "this is how the Internet works."
