Firm points finger at Iran for SSL certificate theft

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9214998/Firm_points_finger_at_Iran_for_SSL_certificate_thefthttp://www.computerworld.com/s/article/9214998/Firm_points_finger_at_Iran_for_SSL_certificate_theft

By Gregg Keizer
Computerworld
March 23, 2011

Iran may have been involved in an attack that resulted in hackers 
acquiring bogus digital certificates for some of the Web's biggest 
sites, including Google and Gmail, Microsoft, Skype and Yahoo, a 
certificate issuing firm said today.

The bogus certificates -- which are used to prove that a site is 
legitimate -- were acquired by attackers last week when they used a 
valid username and password to access an affiliate of Comodo, which 
issues SSL certificates through its UserTrust arm.

Today, Comodo's CEO said his company believes the attack was 
state-sponsored and pointed a finger at Iran.

"We believe these are politically motivated, state driven/funded 
attacks," said Melih Abdulhayoglu, the CEO and founder of Comodo, a 
Jersey City, N.J.-based security company that is also allowed to issue 
site certificates.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/