
    Beanstalk's SEO News Blog

    At Beanstalk Search Engine Optimization we know that knowledge is power. That's the reason we started this SEO blog. We know that the better informed our visitors are, the better the decisions they will make for their websites and their online businesses. We hope you enjoy your stay and find the SEO news contained within this blog useful.


    March 30, 2011

    Comodo Hacker Strikes Again

    A follow-up message was posted on pastebin by an individual using the handle “COMODOHACKER.” It came from the same individual who claimed responsibility for the hack on Comodo’s site and who issued 9 SSL certificates for major sites such as mail.google.com, www.google.com, login.live.com, addons.mozilla.org, login.skype.com, and login.yahoo.com.


    Apparently, the “comodohacker” became quite upset that people did not believe he was the real perpetrator of the hack. In his follow-up post, he gave further evidence to support his claims: the message includes a link to the forged Mozilla certificate as well as a file claimed to be from one of the Comodo databases he downloaded.

    In his follow-up message, Comodohacker states:

    "Some stupids in internet still cannot understand I’m behind the attack on SSL, talks about their small understandings about my hack and makes me nervous,"

    "I uploaded JUST 1 table of their ENTIRE database which I own. Also ask Comodo about my hack, ask them what I did to them. Let me tell you what I did: I was logged in into their server via RDP (remote desktop), they detected me and via hardware firewall, they added allowed IP for RDP, so I was no longer able to login via RDP. But I got UI control in their server just 2 days later, then I logged in via roberto franchini’s user/pass, then I formatted their external backup HDD, it was LG with backup of all files inside it. I formatted it. Then I stopped IIS, deleted all logs, not normal delete which could be recovered with recovery tools, I deleted it with secure delete method and in fact I wiped them."

    Rob Graham of Errata Security states that he has had further correspondence with the “comodohacker” and has verified that the private key for the forged Mozilla certificate was in fact authentic.

    Graham wrote, "Note that even the "Certificate Authority" who signs a key does not know the private key. When somebody requests a certificate, they only send the "hash" to the certificate authority. Therefore, nobody, not even Comodo, should know the private key."
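
    The kind of check behind Graham's verification, as an added example that is not from the original post or from Errata Security: a private key belongs to a certificate only if it can sign a fresh challenge that verifies under the certificate's public key. The demo CA, the demo.example.test name and all keys are constructed locally with OpenSSL; the CA's own key fails the check because the CA never receives the requester's private key.

```sh
#!/bin/sh
# Added example. Every key and certificate below is generated locally
# (constructed); "Demo CA" and demo.example.test are placeholder names.

# make_demo DIR: a throwaway CA issues a certificate from a CSR, so the CA
# only ever handles the requester's public key, never the private key.
make_demo() {
  d=$1
  for k in ca req; do
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$d/$k.key" >/dev/null 2>&1 || return 1
  done
  openssl req -new -x509 -key "$d/ca.key" -subj "/CN=Demo CA" -days 1 \
    -out "$d/ca.crt" >/dev/null 2>&1 || return 1
  openssl req -new -key "$d/req.key" -subj "/CN=demo.example.test" \
    -out "$d/req.csr" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$d/req.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -set_serial 1 -days 1 -out "$d/leaf.crt" >/dev/null 2>&1
}

# key_matches_cert KEY CERT: exit 0 only if KEY can sign a fresh random
# challenge that verifies under the public key embedded in CERT.
# Runs in a subshell so the temp directory is always cleaned up.
key_matches_cert() (
  tmp=$(mktemp -d) || exit 2
  trap 'rm -rf "$tmp"' EXIT
  openssl rand -hex 32 > "$tmp/challenge" || exit 2
  openssl x509 -in "$2" -noout -pubkey > "$tmp/pub.pem" 2>/dev/null || exit 2
  openssl dgst -sha256 -sign "$1" -out "$tmp/sig" "$tmp/challenge" \
    2>/dev/null || exit 2
  openssl dgst -sha256 -verify "$tmp/pub.pem" -signature "$tmp/sig" \
    "$tmp/challenge" >/dev/null 2>&1
)

# demo: test the requester's key and the CA's key against the issued cert.
demo() {
  dir=$(mktemp -d) || return 1
  make_demo "$dir" || { rm -rf "$dir"; return 1; }
  for k in req ca; do
    if key_matches_cert "$dir/$k.key" "$dir/leaf.crt"; then
      echo "$k.key: holds the private key for leaf.crt"
    else
      echo "$k.key: does NOT hold the private key for leaf.crt"
    fi
  done
  rm -rf "$dir"
}
demo
```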

    Comodo reported this morning that two more affiliate Registration Authorities had been compromised, possibly in a retaliatory attack by the Comodohacker, "but that no further mis-issued certificates have resulted from those compromises."

    To address the growing list of concerns regarding Comodo's security practices in the wake of the attacks, Robin Alden stated that the company will be implementing improved authentication methods for all RA accounts: IP address restrictions and hardware-based two-factor authentication.

    Until the situation has been rectified, Mozilla officials have called on Comodo to stop the issuance of certificates to RAs directly from the root that the company maintained. Alden stated that the company is proceeding to implement that model as soon as possible.

    SEO news blog post by @ 6:03 pm


     

    March 29, 2011

    The Lone Comodo-Hacker Theory

    In a message posted on pastebin, an individual using the handle of "comodohacker" has claimed responsibility for last week’s hack-attack on the Comodo site, in which someone was able to gain access to the RA's site and issue 9 SSL certificates for some major sites such as:

    • mail.google.com
    • www.google.com
    • login.live.com
    • addons.mozilla.org
    • login.skype.com
    • login.yahoo.com

    Comodo’s security blog states that they believe the attack was instigated by the Iranian government. However, the alleged hacker's post does offer some clues that could be used to verify the claim of his attack. Robert Graham, of security consultancy Errata, said the results of his firm’s examination of the attack fit with the hacker’s general claims but that such an attack could certainly be perpetrated by a single individual.

    Graham agreed with the alleged hacker that many were too quick to jump to the conclusion that the attack was backed by the Iranian state. "More to the point, what evidence points to the Iranian Government in the first place? The answer is ZERO," he said.

    Chester Wisniewski, a security advisor from Sophos, added it was "…impossible to tell if the hacker was telling the truth, but whatever the case, it was clear that Comodo’s security wasn’t up to scratch."

    The writer says that he is a 21-year-old Iranian college student. His post reads more like a manifesto than anything truly noteworthy. The whole debate over whether or not this is the alleged hacker(s) could be settled instantly if Comodo verified the credentials he says he used to access the databases.

    From the "comodohacker:"

    "I hacked Comodo from InstantSSL.it, their CEO’s e-mail address mfpenco@mfpenco.com
    Their Comodo username/password was: user: gtadmin password: globaltrust
    Their DB name was: globaltrust and instantsslcms"

    His claim comes across as total quackery. The accounts involved shouldn’t accept that password. It doesn’t meet base criteria for security on even a middling level. The most basic rule of password security tells us not to use a dictionary word. Regardless of whether or not this is the actual perpetrator, Comodo certainly needs to conduct a security audit to ease the minds of those they issue SSL certificates to.

    SEO news blog post by @ 5:59 pm


     

    March 24, 2011

    RA Issues Phony SSL Certificates

    As a follow-up to this post regarding SSL certificates: Comodo, a major issuer of SSL certificates, stated that an attacker was able to obtain the user name and password of a Comodo Registration Authority (RA) based in Southern Europe and issue the fraudulent certificates. According to Comodo, the hack did not extend to its root keys or intermediate certificate authorities, but did constitute a serious security incident that warranted attention. As a result, nine fraudulent SSL certificates were issued to seven domains including Google, Yahoo and Skype.

    SSL certificates are the Internet equivalent of driver's licenses, said Paul Turner, the vice president of products and customer solutions at Venafi, an Enterprise Key and Certificate Management firm. The bogus certificates could be used in phishing or man-in-the-middle attacks against organizations that haven’t updated their certificate revocation lists, he said. They could also be used to sign applications and plug-ins, he said.

    The take-away from this post? It is worth noting that internet security has a long way to go. There will always be a way to compromise the security of a site in one form or another. When developing your website, keep this in mind and discuss your security concerns with your designer, SEO company and developers.

    It has also been pointed out that the cost of SSL certificates is actually not that high: anywhere from $50-200.

    SEO news blog post by @ 5:48 pm

    Categories: internet security

     

    Copyright© 2004-2013
    Beanstalk Search Engine Optimization, Inc.
    All rights reserved.