Puppy Linux Discussion Forum
All times are UTC - 4
Hack Obtains 9 Bogus Certificates for Prominent Websites
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10929
Location: Arizona USA

Posted: Fri 15 Apr 2011, 23:55    Subject: Hack Obtains 9 Bogus Certificates for Prominent Websites

http://www.wired.com/threatlevel/2011/03/comodo-compromise/
https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
Quote:
The hacker...compromised a partner account at the respected certificate authority Comodo Group, which he used to request eight SSL certificates for six domains: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com.

The certificates would have allowed the attacker to craft fake pages that would have been accepted by browsers as the legitimate websites. The certificates would have been most useful as part of an attack that redirected traffic intended for Skype, Google and Yahoo to a machine under the attacker’s control. Such an attack can range from small-scale Wi-Fi spoofing at a coffee shop all the way to global hijacking of internet routes.

At a minimum, the attacker would then be able to steal login credentials from anyone who entered a username and password into the fake page, or perform a “man in the middle” attack to eavesdrop on the user’s session....

...Out of the nine fraudulent certificates the hacker requested, only one — for Yahoo — was found to be active. Abdulhayoglu said Comodo tracked it, because the attackers had tried to test the certificate using a second Iranian IP address.

All of the fraudulent certificates have since been revoked, and Mozilla, Google and Microsoft have issued updates to their Firefox, Chrome and Internet Explorer browsers to block any websites from using the fraudulent certificates.

What about SeaMonkey? Is there a way to tell if the browser I'm using has the latest security updates?