Oh how embarrassing

Imagine that! … from Google Diagnostic … I wonder what malicious software was being distributed on the 15th?

So let’s click on over to trustlogo.com from the Google Diagnostic report …

 The really embarrassing part is that the site mentioned sagunnyu.com appears to use a Comodo certificate … ouch!

== Server Certificate ==========
  CN=sslsecurity.kr, OU=Comodo InstantSSL, OU=Hosted by Jungbonet inc., OU=SSLSECURITY_TEAM, O=JUNGBONET, STREET=Nonhyeon-dong, L=Nonhyun-Dong, S=SEOUL, PostalCode=135-010, C=KR

  CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

[Serial Number]

 Maybe a certain CEO should spend a little more time making sure things like the above don’t happen rather than spewing out one-sided spin in an effort to deflect the real problem = failure to address an ongoing (since 2007) problem:

Criminals using Comodo to attempt legitimacy

5 Responses to “Oh how embarrassing”

  1. How hard have you been looking for this, it’s truly sad.

    It’s so obvious to everyone apart from you cronies that you have something to prove.

    MVP used to mean something…

  2. So is there some way that I can exercise precautions with Comodo certificates in Firefox?

    I looked at the Certificate Manager options and am not clear what penalties there might be for editing or deleting the Comodo entries.

    What I’d really like is some warning when a site has a Comodo certificate so that I can either retreat and skip the site or proceed with extra caution.

  3. This is a False Positive by Google.

    And what is embarrasing is a so called security professional doing a blog about a false positive!


  4. This is getting a bit silly now is it not?

    Are you sure that is a malicious website, doesn`t seem that way to me.

  5. Doesn’t look like a false positive to me … it clearly reads: “malicious software being downloaded and installed without user consent”

    If you have an issue with the analysis from the diagnostic report … take it up with Google, I’m just reporting their findings … the same as I did here:

    How is Google going to explain this?

    Google exposes ClickBank as malicious