jm + comodo   3

Comodo's incident report on the March 15 incident
pointing the finger at the Iranian state; various login URLs for GMail, Yahoo! Mail, Hotmail, and something called "global trustee" (wtf)
security  fraud  comodo  fail  ssl  tls  ocsp  revocation  from delicious
march 2011 by jm
Detecting Certificate Authority compromises and web browser collusion | The Tor Blog
'If I had to make a bet, I'd wager that an attacker was able to issue high value [SSL] certificates, probably by compromising [the USERTRUST SSL certificate authority] in some manner, this was discovered sometime before the revocation date, each certificate was revoked, the vendors notified, the patches were written, and binary builds kicked off - end users are probably still updating and thus many people are vulnerable to the failure that is the CRL and OCSP method for revocation.' It seems addons.mozilla.org was one of the bogus certs acquired. Major ouch. Thanks to EFF/Tor et al for investigating this -- SSL cert revocation is a shambles
security  ssl  tls  certificates  ca  revocation  crypto  exploits  eff  tor  comodo  usertrust  from delicious
march 2011 by jm
