Comodo SSL Compromise

As a GlobalSign SSL partner KO Websites has been notified of a security compromise that affects services that many of us as internet users utilize everyday. So to help keep our clients and friends updated and aware we are passing this notification on to you.

Safe surfing,

KO Websites

As a valued GlobalSign Partner we would like to make you aware of our official company statement on the recent Comodo compromise.

##########

On March 23 2011, the Certification Authority Comodo announced it had mis-issued 9 SSL Certificates to high profile websites including:

* login.live.com
* mail.google.com
* www.google.com
* login.yahoo.com (3 certificates)
* login.skype.com
* addons.mozilla.org

The Certificates were issued through one of its unnamed Registration Authority (RA) Partners who had been given transferrable trust rights to issue publicly trusted SSL Certificates.

The fraudulent Certificates have since been revoked, however due to the high profile nature of the mis-issued Certificates, Microsoft, Google and Mozilla have issued browser updates to hardcode the revocation status of the Certificates into the browsers.  We advise all GlobalSign customers to update their browsers immediately.

This is a very serious compromise of unprecedented scale.  As further details unfold, our security group will publish a full statement.  However we wish to strongly iterate that this is a completely standalone attack on the Comodo systems.  GlobalSign wishes to confirm to all customers, partners and the industry as a whole that GlobalSign is not affected by the Comodo compromise.

 

Leave a Reply