Having identified what happened, the next step we must take is to re-evaluate our threat model. Read More
Internet security is much harder than other areas because the Internet is constantly changing and user tolerance of security controls is very low. Unlike the military, we cannot order people to follow security procedures. Acceptability must be a top priority in the design of a civilian security control or it will not be used.
On March 15th 2011, a Comodo affiliate RA was compromised resulting in the fraudulent issue of 9 SSL certificates to sites in 7 domains. Although the compromise was detected within hours and the certificates revoked immediately, the attack and the suspected motivation require urgent attention of the entire security field.
At no time were any Comodo root keys, intermediate CAs or secure hardware compromised.
Cybercriminals are doing their research and are aware of what’s popular, and what’s insecure. They are becoming more savvy and attacks are becoming increasingly more severe.
A window pops up about a legitimate-sounding antivirus software program like “Antivirus XP 2010″ or “Security-Tool,” alerting you that your machine has been infected with a dangerous virus.