Comodo - SSL issues

[Hermite15]

lol on a side note, I don't think anything worse could happen to Comodo. Officially they got screwed themselves (stolen credentials of an Comodo ssl cert provider)... now we don't know and we might never know how it happened...

[Lisandro]

For the ones who do not know what could happen:

These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

[Lisandro]

Update your Windows!
Or http://www.microsoft.com/technet/security/advisory/2524375.mspx

[Asyn]

Thanks, Tech.
Everyone, who answered here is aware of the risks.
Still, if other users should follow this thread, it won't hurt to offer some basic feedback.

[bob3160]

Hi guys, as I don't want this thread to become a discussion thread.
Please post further replies to the Comodo issue here: http://forum.avast.com/index.php?topic=74516.0
Thanks,
asyn

Edit: Or follow Tech's link to WSF... (Thanks Tech..!!)

It would be a lot nicer to do it directly on the Comodo forum. :0

[Hermite15]

apparently Google reacted already a week ago (meaning they can act without waiting for a Win Update)... and the issue was already known.

The Chrome Stable and Beta channels have been updated to 10.0.648.151 for Windows, Mac, Linux and Chrome Frame.  This release blacklists a small number of HTTPS certificates.  If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel?

not sure if that's related to what's being discussed here but according to an article I just read (Heise I think...) that is related.

http://www.h-online.com/security/news/item/SSL-meltdown-forces-browser-developers-to-update-1213358.html

http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_17.html

... also just what I was thinking a few minutes ago (about Apple)

The update policies of Opera and Apple currently remain unknown

[Lisandro]

As SSL Certification is the core of Comodo security... This is a knock out, isn't it?

Edited: Bad English 

[doktornotor]

... also just what I was thinking a few minutes ago (about Apple)

The update policies of Opera and Apple currently remain unknown

Opera has had OSCP enabled for quite a while. As for Safari - who cares (TM)  

[Asyn]

This is a knock down, isn't it?

It sure is.

[Hermite15]

... also just what I was thinking a few minutes ago (about Apple)

The update policies of Opera and Apple currently remain unknown

Opera has had OSCP enabled for quite a while. As for Safari - who cares (TM)  

well excuse me but I do care, check my sig

ps: I hate Safari, but there's no serious alternative on iDevices.

[doktornotor]

well excuse me but I do care, check my sig

You mean the "Alliance for the Promotion of Avast Native Orange Skin"?  

[Hermite15]

well excuse me but I do care, check my sig

You mean the "Alliance for the Promotion of Avast Native Orange Skin"?  

yes

[Hermite15]

I see Safari desktop has OCSP checking available - must be manually activated - but I have no idea if Safari iOs does... the settings interface for Safari is so poor on iOS that it's impossible to find out. I guess some jailbreaking geeks should know that

[Asyn]

http://www.h-online.com/security/news/item/Worth-Reading-Certificate-Request-Ask-Later-814307.html

[Hermite15]

'Iranian' attackers forge Google's Gmail credentials'
http://www.theregister.co.uk/2011/03/23/gmail_microsoft_web_credential_forgeries/

so this actually started on March 15, meaning that Google was the first and only one to react at the time.