Power Sellers Unite

elgato · Joined: 24 Feb 2005 Posts: 17240 Location: Texas

Google, Yahoo, and Skype users in Iran should be extra cautious online from now on. Evidence suggests that the Iranian government organized an attack focused on obtaining nine secure digital certificates related to major sites.

Note that this episode hasn’t quite escalated to the levels we saw when a Chinese attack was the subject of discussion; Google hasn’t made any public accusations, and no politicians have become involved. Still, Comodo, a company that issues digital certificates, created a fairly damning incident report.

Apparently things began when an attacker logged into a Comodo RA account with the username and password of a Comodo Trusted Partner. Then the account was used to issue SSL certificates for www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org, and login.live.com.

That would have potentially allowed the attacker to impersonate the sites and intercept user-submitted information, had Comodo not caught on and revoked the certificates.

Then here’s Comodo’s conclusion, edited only for spacing: “The circumstantial evidence suggests that the attack originated in Iran. The perpetrator has focussed simply on the communication infrastructure (not the financial infrastructure as a typical cyber-criminal might). The perpetrator can only make use of these certificates if it had control of the DNS infrastructure. The perpetrator has executed its attacks with clinical accuracy. The Iranian government has recently attacked other encrypted methods of communication. All of the above leads us to one conclusion only:- that this was likely to be a state-driven attack.”

more.. link to news article

mojavelyn · Posted: Thu Mar 24, 2011 9:47 am Post subject:

And more...

http://www.microsoft.com/technet/security/advisory/2524375.mspx

General Information
Executive Summary

Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

These certificates affect the following Web properties:
•

login.live.com
•

mail.google.com
•

www.google.com
•

login.yahoo.com (3 certificates)
•

login.skype.com
•

addons.mozilla.org
•

"Global Trustee"

Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used.

An update is available for all supported versions of Windows to help address this issue. For more information about this update, see Microsoft Knowledge Base Article 2524375.

Typically, no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically. For more information, including how to manually install this update, see the Suggested Actions section of this advisory.

I got this on my updates for MS.