Follow-up to the Comodo Controversy

It seems that my last post concerning Comodo has caused quite a stir … so I’d like to clear up a few points made on several other Forums.
[DSL Reports] [Security Garden] [Wilders Security] [Calendar of Updates]

Over at Comodo’s Forum, “Melih”, who describes himself as “Comodo’s Hero Administrator”, wrote:

“You say we responded to MVP Mike before and he gave us kudos. So why would we not respond to him this time if he sent us an email? Your logic doesn’t make sense. If we responded before then we would respond again. And we did respond as soon as we were alerted but did NOT receive any emails from MVP Mike as far as I know.”

Well as I stated in my previous post I sent an email on 04-21-09 alerting Comodo and never received a reply … so why would I bother sending another when I find more of the same (Malware sites using Comodo certificates) … however after “going public” it sure didn’t take long for these certificates to be revoked. Imagine that … I got a reply today … “your email got buried” = buried? … if you notice I sent it to both the address I was given and “CC’d” to the person I dealt with previously …

I just feel sorry for the number of people that were duped into thinking they were at a legit site and actually purchased this malicious software, after I notified Comodo … only to be “buried” … then why did you bother to set up a specific address to report these sites?

And this comment … “It’s a weak certificate, but it’s something that many many Certification Authorities are selling so I don’t really see why Donna and similar should make a thread bashing solely Comodo for it. Verisign and GoDaddy are the major pushers and sellers for this junk, yet they get no criticism whatsoever for that.”

First I very rarely see a certificate issued by GoDaddy to these types of malware pushers … now here is a tip … perhaps the first clue would be to Google the domain name that wants to purchase a certificate …

In some cases the domain name itself should be a red flag! = secure.spywareprotector-2009.com

== Server Certificate ==========
[Subject]
  CN=secure.spywareprotector-2009.com, OU=Free SSL, OU=Hosted by LiderTelecom LTD, OU=Domain Control Validated

[Issuer]
  CN=EssentialSSL CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

[Serial Number]
  2AEB99837575BE971E4EEB2329CD3507
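
The fields in this dump can be screened mechanically before anyone trusts the padlock. The sketch below is an added example, not part of the original post or any Comodo tooling: it parses a dump in the format shown above and lists reasons for a manual look. The `BAIT_WORDS` list and the year check are assumed heuristics, and the function names are hypothetical.

```python
import re

# The dump shown above, embedded as a constructed string (wrapped lines rejoined).
DUMP = """\
[Subject]
  CN=secure.spywareprotector-2009.com, OU=Free SSL, OU=Hosted by LiderTelecom LTD, OU=Domain Control Validated

[Issuer]
  CN=EssentialSSL CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
"""

# Assumed watch-list of security-product wording; tune it to your own telemetry.
BAIT_WORDS = ("spyware", "antivirus", "antispyware", "protector", "defender", "scanner")

def parse_dump(text):
    """Return {section: [(attr, value), ...]} from a '[Section]' style dump."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None:
            # Split on commas that start a new ATTR=, so values keep their spaces.
            for part in re.split(r",\s*(?=[A-Za-z]+=)", line):
                attr, _, value = part.partition("=")
                current.append((attr.strip(), value.strip()))
    return sections

def triage(sections):
    """List reasons the certificate deserves a manual look before trusting the site."""
    subject = sections.get("Subject", [])
    cn = next((v for a, v in subject if a == "CN"), "")
    ous = [v.lower() for a, v in subject if a == "OU"]
    flags = []
    if any("domain control validated" in ou for ou in ous):
        flags.append("domain-validated only: no organisation identity was checked")
    if not any(a == "O" for a, _ in subject):
        flags.append("subject carries no organisation (O=) attribute")
    hits = [w for w in BAIT_WORDS if w in cn.lower()]
    if hits:
        flags.append("hostname uses security-product wording: " + ", ".join(hits))
    if re.search(r"(19|20)\d{2}", cn):
        flags.append("hostname embeds a year (assumed heuristic)")
    return cn, flags

if __name__ == "__main__":
    cn, flags = triage(parse_dump(DUMP))
    print(cn)
    for reason in flags:
        print(" -", reason)
```
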

Yet “Iam Monkey_boy=) from the comodo forums” states:
“Comodo can’t really be blamed if a site that has a certificate hosts malware”

Let me put a little perspective on this … “Conficker systems being updated with SpywareProtect2009
Conficker is now believed to be the largest computer worm infection since the 2003 … and Comodo issued the certificate to “SpywareProtector-2009” … now you can’t tell me that this domain name isn’t a cause for concern? It gives me chills to think how many people were duped into purchasing this product.

Now if it was my company and I found out we were involved (even remotely) in the largest infection since 2003 … I’d certainly want to make some changes in our policy as to how these certificates are issued … but that’s just me …

And I’ll finish up with this little gem: “So the question should be the ethics of publishing these kind of material without informing the security vendors in the first place.”

You question my ethics? … it wasn’t my intent to get into a pi**ing contest with these people but whose ethics are in question here? … mine for publicly reporting this or Comodo’s for a continuing practice of issuing/selling certificates to questionable characters …


