Comodo - News, Features, and Slideshows

News

• Microsoft blacklists fraudulently issued SSL certificate

  Microsoft released an update to blacklist an SSL certificate for one of its domain names that was issued to an unauthorized third party.

• 'Secure' advertising tool PrivDog compromises HTTPS security

  New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users' PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo.

• Antivirus products riddled with security flaws, researcher says

  It's generally accepted that antivirus programs provide a necessary protection layer, but organizations should audit such products before deploying them on their systems because many of them contain serious vulnerabilities, a researcher warned.

• In Heartbleed's wake, Comodo cranks out fresh SSL certificates

  Tens of thousands of new digital certificates have been issued by Comodo in the wake of the "Heartbleed" security flaw, which has put Internet users' data at risk.

• McAfee research shows sharp rise in malware signed with legitimate digital certificates

  McAfee research indicates that a steep rise in the amount of malware signed with legitimate digital certificates -- not forged or stolen ones -- is a growing threat that raises the question whether there should be some kind of "certificate reputation services" or other method to stop certificate abuse.

• Certificate Authorities Form Group to Educate on SSL Best Practices

  Responding to the increasing number of threats aimed at certificate authorities and the ecosystem of trusted online transactions they represent, seven certificate authorities have come together to form an advocacy group to advance security standards and promote best practices.

• Multivendor power council formed to address digital certificate issues

  With cyber-criminals increasingly exploiting digital certificates to undermine security the vendors with the most influence as certificate authorities have banded together to try and speak as an industry group to advocate for security best practices.

• SSL certificate industry should be replaced: security specialist

  The SSL certificate authorities like Comodo that have had their security undermined by hackers shouldn't be trusted, and in fact, the way the entire SSL certificate industry of today works can and should be replaced with something better, says Moxie Marlinspike, a security expert who's come up with a plan he says will do that.

• Opinion: the real security issue behind the Comodo hack

  News of an Iranian hacker duping certification authority Comodo [1] into issuing digital certificates to one or more unauthorized parties has caused an uproar in the IT community, moving some critics to call for Microsoft and Mozilla to remove Comodo as a trusted root certification authority from the systems under their control. Though the hacker managed his feat by first compromising a site containing a hard-coded logon name and password, then generating certificates for several well-known sites, including Google, Live.com, Skype, and Yahoo, I'm not bothered by the technical issue. Instead, my main concern over Public Key Infrastructure (PKI) and digital certification is that users don't understand it.
  For the most part, people don't care about digital certificates and the security they could provide. I have a hard time getting worked up about a system error that 99 percent of users simply ignore.
  PKI is not the culprit