"Stolen" SSL certificates

According to media reports, the certificate authority Comodo has been hacked, and the attackers were able to sign valid SSL certificates for any website they wanted. Because web browsers trust the Comodo CA, no browser would have complained.

Once the rogue certificates were detected, Comodo revoked them immediately. Unfortunately, it seems the check for revoked certificates within the web browser does not work as planned: in some scenarios the certificate revocation check can be blocked. Because of that, over the last few days every browser manufacturer (the Mozilla Foundation, Google and Microsoft, for example) has issued updates for the certificate blacklist within its web browsers.
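The following sketch is an added example, not code from Comodo or any browser vendor: it models why a revoked certificate can still be accepted when the online revocation lookup gets no answer, and why a blacklist shipped in a browser update closes that gap. The CA name, the serial values and the soft-fail default are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    hostname: str
    issuer: str   # constructed name, not a real CA
    serial: str   # constructed placeholder, not a real serial number

# Constructed sample data: one rogue and one legitimate certificate for the same host.
ROGUE = Cert("login.yahoo.com", "Constructed Example CA", "PLACEHOLDER-ROGUE")
LEGIT = Cert("login.yahoo.com", "Constructed Example CA", "PLACEHOLDER-LEGIT")
CA_REVOKED = {(ROGUE.issuer, ROGUE.serial)}          # what the CA's responder would answer
BROWSER_BLACKLIST = {(ROGUE.issuer, ROGUE.serial)}   # what a browser update ships locally

def revocation_lookup(cert, network_blocked):
    """Online check: returns 'revoked', 'good', or None when no answer arrives."""
    if network_blocked:
        return None
    return "revoked" if (cert.issuer, cert.serial) in CA_REVOKED else "good"

def browser_accepts(cert, network_blocked, blacklist=frozenset(), hard_fail=False):
    """Return True if the modelled browser would accept the certificate."""
    # The local blacklist is consulted first and needs no network access.
    if (cert.issuer, cert.serial) in blacklist:
        return False
    status = revocation_lookup(cert, network_blocked)
    if status is None:
        # Soft-fail (assumed default): no answer is treated as "not revoked".
        return not hard_fail
    return status == "good"

def decision_table():
    """Every combination of certificate, network state and browser configuration."""
    rows = {}
    for name, cert in (("rogue", ROGUE), ("legit", LEGIT)):
        for blocked in (False, True):
            rows[(name, blocked, "soft-fail")] = browser_accepts(cert, blocked)
            rows[(name, blocked, "hard-fail")] = browser_accepts(cert, blocked, hard_fail=True)
            rows[(name, blocked, "blacklist")] = browser_accepts(cert, blocked, BROWSER_BLACKLIST)
    return rows

if __name__ == "__main__":
    for key, accepted in decision_table().items():
        print(key, "accepted" if accepted else "rejected")
```

In the resulting table the rogue certificate is accepted only in the blocked-lookup, soft-fail case. Hard-fail rejects it as well, but also rejects the legitimate certificate whenever the lookup gets no answer, which the local blacklist avoids.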

What happened? Through a compromised affiliate login, the hackers were able to sign several trusted certificates – which are blocked in the current browser versions:

  • mail.google.com
  • www.google.com
  • login.yahoo.com
  • login.skype.com
  • addons.mozilla.org
  • login.live.com
  • global trustee

According to Comodo's incident report, one of the rogue login.yahoo.com certificates has been seen in use on the Internet. Contrary to what some media reported, the Comodo root keys and hardware were not compromised, Comodo assures.

For users and administrators it is important to install the most recent browser versions to stay safe on the Internet. For the Microsoft update, it is necessary to start Windows Update and choose to install the “important” update for Windows – the corresponding security advisory can be found here.

Dirk Knop
Technical Editor