Re: Iranian state-sponsored cyberwarfare is indistinguishable from script kiddies
The original source of the info about the hack has now posted the private key corresponding to one of the bogus certs at http://pastebin.com/X8znzPWH. The public-key components are identical, haven't verified that the private key matches yet, but I'm going to guess it will. So a global CA wasn't 0wned by a nation-state cyberwar agency but by a random script kiddie having some fun. Oh the embarrassment :-).

Peter.
For people who aren't following this via pastebin, to paraphrase Crocodile Dundee, "you call that a successful CA attack? *This* http://pastebin.com/CvGXyfiJ is a successful CA attack":

"Here is another proof: http://www.multiupload.com/TGDP99CJLH. I uploaded JUST 1 table of their ENTIRE database which I own."

Looks like every Comodo account should now be regarded as compromised. I wonder if we'll finally see a CA cert pulled from a browser? Or does the CA have to behead someone live on YouTube before the browser vendors will act?

Peter.
Participants (1): Peter Gutmann