Comodo - SSL issues

[Asyn]

Too complex reading... Can anybody say what did really happen or is happening?

Too complex..
Well, here's the short version: http://www.h-online.com/security/news/item/Comodo-two-more-resellers-were-compromised-1218517.html

[Lisandro]

Now it's better and in plain English

[sded]

http://www.wilderssecurity.com/showthread.php?t=295617 seems to get pretty thorough updating.

[doktornotor]

Too complex reading... Can anybody say what did really happen or is happening?

Sure thing. Comodo sucks goats nuts... and more. 

[Hermite15]

lol

[Lisandro]

Sorry if it was posted before...
But a serene and very good reading about what happened, what have been done, the responsibility of each part of the process.
http://samuelsidler.com/2011/03/28/timeline-of-comodo-certificate-compromise/

[Asyn]

Sorry if it was posted before...

I like the timeline approach.
But it's not complete, newer info has been posted here already...

[Asyn]

Technical reading for the weekend.
https://datatracker.ietf.org/doc/draft-hallambaker-donotissue/?include_text=1

[Lisandro]

Well I find Outpost in many ways ahead to comodo. And how can comodo help me if a 21 years old boy from Iran hacked into its system and generated 4-5 Security Certificates ??

What is the minimum relationship between the Comodo firewall and the certificates issued?
This is just FUD.

[doktornotor]

What is the minimum relationship between the Comodo firewall and the certificates issued?

Hmmm... the TVL perhaps?

[Ashish Singh]

As a 21 years old boy can hack into their system with so ease I wonder if they can't defend their own system then how come mine??
They were using "gtadmin" (gt stands for Global Trust) as their username and the password was "globaltrust" isn't it a good joke for a company who is issuing a Security Public key and Private one also and uses such a weak username and password. Then how can I trust their firewall policies???

[Ashish Singh]

And ya as this is not a comodo forum or Outpost one so better leave this topic here only.
But comodo needs to grow more. Thanks for your support....

[Lisandro]

Hmmm... the TVL perhaps?

No, absolutely nothing.

As a 21 years old boy can hack into their system

Which system? The boy entered the certification and SSL system which does not belong only to Comodo.
Did you read the technical information about the subject?

I wonder if they can't defend their own system then how come mine??

It's not their system. It's your system. It's our Internet.

They were using "gtadmin" (gt stands for Global Trust) as their username and the password was "globaltrust" isn't it a good joke for a company who is issuing a Security Public key and Private one also and uses such a weak username and password.

A serious link reporting this issue, please.

Then how can I trust their firewall policies???

Which software will you trust then?
avast?
Are you sure avast didn't make any mistake in the past?
C'mon... Hint: statistics of the forum and date 3-12-09 will show you one trouble problem in our history...

[doktornotor]

Hmmm... the TVL perhaps?

No, absolutely nothing.

Really? Doing absolutely sloppy job with highly sensitive things such as RAs, how much work do you think goes into verification of so called "trusted" vendors hardcoded into CIS? Well, I can tell you - absolutely none. Pay for the certs and sign whatever you want, you will get on TVL as a bonus so that your malware installs cleanly without hassle for users. Quite a couple of threads about this on Comodo forums, incl. a trojan signed by fake Trend Micro cert. 

[Hermite15]

Hmmm... the TVL perhaps?

No, absolutely nothing.

Really? Doing absolutely sloppy job with highly sensitive things such as RAs, how much work do you think goes into verification of so called "trusted" vendors hardcoded into CIS? Well, I can tell you - absolutely none. Pay for the certs and sign whatever you want, you will get on TVL as a bonus so that your malware installs cleanly without hassle for users. Quite a couple of threads about this on Comodo forums, incl. a trojan signed by fake Trend Micro cert.  

+1 I already didn't trust Comodo anymore before that...this ssl disaster fits Comodo so well... ie I don't trust their "official" versions of what happened at all. I now would consider any of their product potentially malicious.