RA Issues Phony SSL Certificates

As a follow-up to this post regarding SSL certificates: Comodo, a major issuer of SSL certificates, stated that an attacker was able to obtain the user name and password of a Comodo Registration Authority (RA) based in Southern Europe and issue fraudulent certificates. According to Comodo, the hack did not extend to its root keys or intermediate certificate authorities, but did constitute a serious security incident that warranted attention. As a result, nine fraudulent SSL certificates were issued to seven domains, including Google, Yahoo and Skype.

SSL certificates are the Internet equivalent of driver's licenses, said Paul Turner, the vice president of products and customer solutions at Venafi, an Enterprise Key and Certificate Management firm. The bogus certificates could be used in phishing or man-in-the-middle attacks against organizations that haven’t updated their certificate revocation lists, he said. They could also be used to sign applications and plug-ins, he said.

The takeaway from this post? It is worth noting that Internet security has a long way to go. There will always be a way to compromise the security of a site in one form or another. When developing your website, keep this in mind and discuss your security concerns with your designer, SEO company and developers.

It has also been pointed out that the cost of SSL certificates is actually not that high: anywhere from $50-200.

