Comodo-gate hacker brags about forged certificate exploit

An Iranian hacker has stepped forward to claim responsibility for the SSL certificate hack against Comodo, providing an insight into how the high-profile hack might have been pulled off. The lock-picker – who claimed he had "1,000 times" the experience of any hacker or programmer – asserted that after compromising Comodo's …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Stop

    Please Stop

    Adding 'gate' to any kind of scandal.

    Thanks

    The world

    1. Anonymous Coward

      Scandal Named in Scandal Naming Shocker

      "Please stop adding 'gate' to any kind of scandal. Thanks," said the world in what commentators are already calling Gategate.

      1. Elmer Phud

        You what?

        Stirring up trouble? - this is now Gategategate.

  2. Anonymous Coward
    Alert

    CA-Gate

    http://www.devquotes.com/2011/03/27/comodohacker-response/#more-813

  3. SecurityJimmy

    Let's not lose focus - Comodo was HACKED

    Did you see how easy it was for the alleged hacker to get into their systems?

    It's absurd how insecure Comodo is, yet everyone is talking about whether it is Iran or not.

    The root problem in all of this is that Comodo has weak security and REFUSES to do anything about it.

    This is nothing new for Comodo. They had incidents in 2008 & 2009.

    Instead of spending time deflecting blame, why don't they try to clean their own house?

  4. Anomalous Cowherd Silver badge

    1000 times any other programmer!

    The smell up close must be overpowering.

    1. Doug Glass
      Go

      Labyrinth-like Basement

      "The bog of eternal stench"

  5. noodle heimer

    shouldn't be very hard to verify

    If the guy's right it shouldn't be hard to verify the claim. A plaintext password left in a DLL is very likely to be available in caches. Also, the Comodo partner could simply own up.

  6. ratfox
    FAIL

    Single hacker

    Yet we were told that only a government could pull it off. Seems like this is becoming a standard excuse in the industry: We are but a poor commercial company, what can we do against the secret hacking units of governments... This could not be possibly due to our own incompetence!

  7. Anonymous Coward
    WTF?

    .dll

    What, they were running a server for automated issuing of SSL certificates on a Windows box??!? The Web deserves everything it's got coming.

  8. Anonymous Coward
    FAIL

    This guy..

    .. I can't take him.

    He found some credentials in a dll file. Then he used them to "login" via an API.

    THAT'S IT.. He hasn't made any superfast integer factorization algorithm, he hasn't cracked anything in the protocol used by Skype, etc. He just found some credentials in a dll file.
