Rogue SSL certificates

Certificate vendor Comodo has announced that nine rogue certificates were issued through them. These certificates were issued for:

mail.google.com (GMail)
login.live.com (Hotmail et al)
www.google.com
login.yahoo.com (three certificates)
login.skype.com
addons.mozilla.org (Firefox extensions)
“Global Trustee”

According to Comodo, the registrations seemed to be coming from Tehran, Iran and they believe that because of the focus and speed of the attack, it was “state-driven”.

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and the browser remains private and intact. SSL is an industry standard and is used by millions of websites to protect their online transactions with their customers.

A statement from Comodo explains that a root authority (RA) was breached. The attacker created a user account, and used the fraudulent account to issue nine rogue SSL certificates spanning seven different domains. The Comodo statement says, “The attacker was well prepared and knew in advance what he was to try to achieve. He seemed to have a list of targets that he knew he wanted to obtain certificates for, was able quickly to generate the [requests] for these certificates and submit the orders to our system so that the certificates would be produced and made available to him.”

In theory, a user attempting to log into his Yahoo account, for example, could have been misdirected to a fake site. That would allow the perpetrators to obtain a host of online information including contents of email, passwords and usernames, while monitoring activity on the dummy sites.

The login.live.com domain used for logging in to Windows Live accounts was one of the domains compromised by the rogue Comodo certificates. Microsoft has issued a security advisory, and released a mitigation update to update the certificate revocation list on Windows PCs and prevent them from accepting the fake SSL certificates as legitimate.
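A revocation list identifies a certificate by its issuer and serial number, so the same check can be run locally against any certificate a server presents. The following is an added example, not code from Comodo or Microsoft: it matches certificates in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()` against a blocklist. Every serial, issuer name and certificate in it is a constructed placeholder, not a value from this incident.

```python
# Added example: match a presented certificate against a local blocklist.
# All serials, issuer names and certificate dicts are CONSTRUCTED placeholders.

def normalize_serial(serial):
    """Canonical form: uppercase hex, no separators, no 0x, no leading zeros."""
    s = str(serial).strip()
    if s.lower().startswith("0x"):
        s = s[2:]
    s = s.replace(":", "").replace(" ", "").upper()
    if not s or any(c not in "0123456789ABCDEF" for c in s):
        raise ValueError(f"not a hex serial: {serial!r}")
    # Tools disagree on zero padding ("00AB" vs "AB"), so strip it.
    return s.lstrip("0") or "0"

def issuer_cn(cert):
    """Issuer commonName from a getpeercert()-style dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

# Serials are unique only per issuer, so the key is (issuer CN, serial).
BLOCKLIST = {
    ("Example Issuing CA", normalize_serial("00:AB:CD:EF:01:23")),
    ("Example Issuing CA", normalize_serial("0x7f00ff")),
}

def is_blocklisted(cert, blocklist=BLOCKLIST):
    """True if the certificate's (issuer, serial) pair is on the blocklist."""
    serial = cert.get("serialNumber")
    if serial is None:
        # getpeercert() returns {} for an unvalidated peer: refuse to guess.
        raise ValueError("certificate has no serialNumber field")
    return (issuer_cn(cert), normalize_serial(serial)) in blocklist

def _cert(issuer, serial):
    """Build a constructed getpeercert()-shaped dict for the samples below."""
    return {"issuer": ((("countryName", "US"),), (("commonName", issuer),)),
            "serialNumber": serial}

ROGUE = _cert("Example Issuing CA", "ABCDEF0123")       # listed serial
GOOD = _cert("Example Issuing CA", "1A2B3C")            # same CA, clean serial
OTHER_CA = _cert("Unrelated Test CA", "ABCDEF0123")     # same serial, other CA

if __name__ == "__main__":
    for name, cert in (("ROGUE", ROGUE), ("GOOD", GOOD), ("OTHER_CA", OTHER_CA)):
        print(name, is_blocklisted(cert))
```
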

We kindly request customers to keep their systems updated.

Ranjeet Menon
