Barney's Blog

Blog archive

Damaging Digital Certs

Digital certificates are supposed to protect our security. But hackers have somehow managed to create nine bogus certificates that could be used to violate the very core of your network.

Even though hackers hacked into certs from the Comodo Group, Microsoft was the one who first brought the issue to light this week.

Maybe that's because the certs can be used to breech the defenses of Windows Live and Google. For some reason, Google didn't raise any major alarms.

The hack was made possible because a major jerk somehow managed to get the password and user name of a Comodo worker. The source of the hack appears to be Iran but the hacker(s) could have been spoofing the IP address.

Thankfully, no attacks have been thus far reported. But if that changes, the exploits could include phishing and other nefarious deeds.

Browser providers Google, Mozilla and Microsoft have all sent out patches.

Posted by Doug Barney on 03/25/2011 at 1:18 PM


Featured

comments powered by Disqus

Subscribe on YouTube

Upcoming Training Events

0 AM
TechMentor @ Microsoft HQ
August 11-15, 2025