On the 15th March 2011, a security industry nightmare happened: Comodo affiliate RA was compromised, resulting in the issue of nine fraudulent SSL certificates. Comodo issued a full-disclosure statement on their blog.
In and of itself, companies are compromised all of the time, but the fake certificates – now revoked – were for large traffic sites like yahoo, gmail, Skype and Hotmail (amongst others). Microsoft has issued a patch to block the fake certificates.
The fake certificates were for:
- login.yahoo.com (3 certificates)
- “Global Trustee”
The OS patch from Microsoft covers all currently supported operating systems:
- Windows XP Service Pack 3
- Windows XP Professional x64 Service Pack 2
- Windows Server 2003 Service Pack 2 (including for Itanium-based systems)
- Windows Vista SP1 / SP2 (including x64 systems)
- Windows Server 2008 (32-bit, x64 systems and Itanium-based systems)
- Windows 7 (32-bit and x64 systems with SP1)
- Windows Server 2008 R2 (for x64 and Itanium-based systems with SP1)
We strongly urge all users and systems administrators to patch their systems immediately.
The compromise also highlights the importance of ongoing system security. Although the compromise was unusual, in that it required high-level DNS access to achieve, and is thought to have originated in Iran, it also shows the value in keeping systems patched (as the industry provides solutions relatively quickly, but administrators are often behind in adding new patches to the OS), running up-to-date security software and being aware of unusual systems activity.
It is unclear, at this time, if any users were actually affected by this incident.