Iran Fingered For Fraudulent Comodo SSL Certificates

  /     /     /  
Publicated : 22/11/2024   Category : security


Iran Fingered For Fraudulent Comodo SSL Certificates


Gmail, Hotmail, and Skype are among the domains affected by fraudulently obtained digital certificates, said Comodo.



(click image for larger view)
Slideshow: 10 Massive Security Breaches
On Wednesday, digital certificate issuer Comodo released a security warning that its European affiliate had issued nine fraudulent SSL certificates. The certificates -- used by Web sites to confirm the identity of end users -- were issued without sufficient identity validation, and were apparently obtained by the government of Iran.
All certificates have been revoked by Comodo. They involve seven domains: Firefox extensions (addons.mozilla.org), Global Trustee, Gmail (mail.google.com), Google (www.google.com), Skype (login.skype.com), Windows Live including Hotmail (login.live.com), and Yahoo (login.yahoo.com -- 3 certificates).
Microsoft on Thursday said that as a result of the fraudulent SSL certificates, it had
updated
Windows to prevent them from being used. In addition, it said, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used.
Whats the threat posed by real security certificates being issued to the wrong party? According to Microsoft, these certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.
Or to gather intelligence. If you are a government and able to control Internet routing within your country, you can reroute all, say, Skype users to [a] fake https://login.skype.com and collect their usernames and passwords, regardless of the SSL encryption seemingly in place, said Mikko Hypponen, chief research officer at F-Secure, in a
blog post
.Or you can read their email when they go to Yahoo, Gmail, or Hotmail. Even most geeks wouldnt notice this was going on.
Who would try to obtain fraudulent certificates? Comodo says that circumstantial evidence points to a state-backed operation run by Iran, due to the speed and accuracy of the operation, as well as the focus. The perpetrator has focused simply on the communication infrastructure -- not the financial infrastructure as a typical cyber-criminal might, according to Comodos
incident report
.
More clues: The one attack seen so far that used the fraudulent certificates targeted an ISP in Iran. Furthermore, looking at all of the issued certificates, the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups, said Comodos Phillip Hallam-Baker in a
blog post
.
Then again, it could be a diversion. While the involvement of two IP addresses assigned to Iranian ISPs is suggestive of an origin, this may be the result of an attacker attempting to lay a false trail, he said. But on the other hand, the perpetrator can only make use of these certificates if it had control of the DNS infrastructure.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Iran Fingered For Fraudulent Comodo SSL Certificates