Comodo continues to issue certificates to known Malware in Security

Comodo continues to issue certificates to known Malware in Security http://www.dslreports.com/forum/r22400172 en Thu, 03 Dec 2009 15:15:06 EDT Thu, 03 Dec 2009 15:15:06 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22461424 hayc59 : Criminals using Comodo to attempt legitimacy
For most of this month there has been a discussion over the business practices of Comodo, the company who along with free security software offers SSL certificates for online businesses. The discussion is not that they offer SSL certificates, it is that they offer them to criminals as well as legit businesses, with little to no checks during the process or once the certificate is in place. Most were unhappy that it took Comodo so long to respond to the issue itself.
»www.thetechherald.com/article.ph···gitimacy
--
ãrê ¥Øu êxpêriêncêD
Microsoft® MVP Consumer Security 2007-09
"Greater love has no one than this, that he lay down his life for his friends."
9/11/01 Never Forget]]> http://www.dslreports.com/forum/remark,22461424 Thu, 28 May 2009 23:17:31 EDT Re: A basic flaw in X.509? http://www.dslreports.com/forum/remark,22459523 anon : I'm not sure I'd add to X.509, but certainly having a
"digital business bureau" that can attest to good business practices would be helpful.

If a CA is found to be untrustworthy, then I remove them from my root CA list. So far, only COMODO has left the building.

For example, as of 2007/2008 VONAGE is no longer a BBB member due to multiple unresolved complaints. But there seems to be no technical/automated mechanism for checking a domain name against BBB membership (or i'd have seen a browser add-on already, wouldn't I?)

I'd be far more likely to trust a business certified by two CAs in different jurisdictions than one that was only certified by
Verisign, for example.]]> http://www.dslreports.com/forum/remark,22459523 Thu, 28 May 2009 16:55:32 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22441366 Grail Knight : Of course there should be a trust.

I trust Comodo's firewall but not their AV. I let Avast handle that side of security.

This is a world full of companies and individuals that do well in one area and fail miserably in other areas. The key is to be able to distinguish between the two.
--
“Facts not FUD."]]> http://www.dslreports.com/forum/remark,22441366 Mon, 25 May 2009 16:09:26 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22440837 sivran :

said by Grail Knight

:

I will still use Comodo Firewall until it is proven that there is something amiss w/ it.

I can think of numerous companies where one part or division screws up well the rest of the companies cranks out excellent products.

I realize that. Office 2007 is fairly nice (IMO, anyway), while Windows Vista is nigh intolerable (IMO). Even in Comodo's case, the firewall's pretty good, but their anti-virus is absolutely horrible.

But, shouldn't there also be a trust between the user of a product and the vendor?

I wonder how many with AIG insurance switched to another provider, despite the fact that the insurance division is wholly separate from the much-smaller financial products division.
--
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon profitable cause...]]> http://www.dslreports.com/forum/remark,22440837 Mon, 25 May 2009 14:05:13 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22440687 anon : I want someone to provide proof of a compromised computer that has/had CIS running. Personally I had multiple (total of 12 workstations) running CIS (Firewall + Defense Plus) for the last couple of years with no issues. They run online financial data 24/7 with no compromise of security and/or data theft. Seems that non-granted paranoia is wide spread in this forum.]]> http://www.dslreports.com/forum/remark,22440687 Mon, 25 May 2009 13:25:10 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22439575 dvd536 :

said by sivran

:

Hmmm. I'm beginning to eye my Comodo Firewall with suspicion. While it may be perfectly fine, I don't really trust the company, or their certs.

Exactly why i'm kicking boclean to the curb when it craps out and i was a paid customer back when boclean was good.
--
When I gez aju zavateh na nalechoo more new yonooz tonigh molinigh - Ken Lee]]> http://www.dslreports.com/forum/remark,22439575 Mon, 25 May 2009 05:58:12 EDT Re: A basic flaw in X.509? http://www.dslreports.com/forum/remark,22426349 DonnaB : Right. There's weakness about certificates and I'm sure we've seen other demos how bad guys will misuse a cert/validation -- extended or not (thanks BTW for those links).

If only they just acknowledged the alert, took action... there'll be no additional controversy on their services. And as already mentioned in other post in this thread, they have security software for end-users to at least, another means to protect end-users privacy and security.

Been visiting buy and download links but CIS is still quiet on my downloads. Anyhoo, just another experience on another desktop AV software I guess :)

Regards,
Donna]]> http://www.dslreports.com/forum/remark,22426349 Fri, 22 May 2009 01:42:04 EDT Re: A basic flaw in X.509? http://www.dslreports.com/forum/remark,22426276 Daniel : Hmm, I'd say this is a classic problem. How do we know when we can trust someone? Ultimately this isn't something easily solved by technology.

I suppose the main thing we can say is:

But again, it comes down to trusting that CA party to verify the legitimacy of the companies they give certs too. Ultimately, and this is the reality we've been grappling with--you have to trust somebody.
--
dmiessler.com -- grep understanding]]> http://www.dslreports.com/forum/remark,22426276 Fri, 22 May 2009 01:15:52 EDT A basic flaw in X.509? http://www.dslreports.com/forum/remark,22426129 EGeezer : Donna, thanks for that response! Well written and you answer many of my questions quite well.

Your response triggered memories of a discussion my little group had sometime back about certificates. This whole issue brings up a serious weakness in the X.509 cert itself. It is perceived - and, by implication, marketed - as being a certificate that provides business practice integrity when in fact it is only an encryption certificate that guarantees only that the site to which the user is connecting is the site to which the certificate is registered, and provides an encryption key whereby the client can connect securely to the site.

For example, a certificate may be issued to GoodHands Insurance, but that does not mean that GoodHands is necessarily a reputable or financially sound entity. The certificate only provides that the client is connecting to Goodhands.com's site and doing so through SSL. There exists a need at this point for something more to be added to the certificate standards.

Bottom line, the present X.509 certificate standards are inadequate for the purpose of establishing the legitimacy and trustworthiness as a business. There will need to be another level similar to a Dun & Bradstreet, BBB or ISO set of standards incorporated into the certification process (and probably the X.509 standards) to achieve that feature.

Dan Houser, then of Nationwide Insurance and now with Cardinal Health(as I last recall), gave a presentation at ISSA on just such a process - For those interested, See »www.isaca-centralohio.org/archiv···mbus.pdf

Although Dan's motivation and concern is more geared to the B2B world, it also applies to the issue in this topic - consumer2B transactional connections.

Dan had more to say recently about SSL and certs - here's another PDF of his that hammers common misconceptions, assumptions and implementations;
»centralohioissa.org/images/Feb_2···user.pdf

For you folks serious about the broader issues, these will be interesting..
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis]]> http://www.dslreports.com/forum/remark,22426129 Fri, 22 May 2009 00:22:45 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22425403 hayc59 : Hello Donna and thanks for posting
should clear a few thangs up!!]]> http://www.dslreports.com/forum/remark,22425403 Thu, 21 May 2009 21:49:06 EDT Re: Comodo responses? http://www.dslreports.com/forum/remark,22425278 mers2 : Thanks, Donna, for providing the practical demonstration. I have a feeling it's going to take strong public sentiment to get Comodo's attention/action. ]]> http://www.dslreports.com/forum/remark,22425278 Thu, 21 May 2009 21:27:40 EDT Re: Comodo responses? http://www.dslreports.com/forum/remark,22425177 DonnaB : 1. I just tried installing CIS latest version (on a test system) with all of its components installed (including Ask.com's stuff), I updated the program prior visiting the malware/rogue link that have Comodo cert. Visited xsoftstore.com and clicked on a buy link. Comodo's security desktop application is quiet. It is not revoked yet even after MVP Mike have shown screenshot that Comodo have issued certs to this rogue site/buy links. No alert from their desktop security software. I don't see option anyway that their AV or Firewall will handle that.
2. As per MVP Mike Burgess blog, he reported it on April 21, 2009.
3. He did by sending them the notice via email. No response from Comodo until it goes public and the good Sunbelt Software, CEO alerted Comodo.
4. More than 3 weeks that he waited for action or response from Comodo.

Difference on response and timeframes from other product vendors, including Microsoft: Well, there are steps:
1. Acknowledge/Time frame - Comodo did not acknowledge the email for weeks.
2. Response - It depends how a person will accept the response but they did respond (including questioning the ethics of the security MVP Mike Burgess)
3. Action - They acted fast as soon as they receive alert from another security vendor's CEO - Alex of Sunbelt. They failed to act on the alert of MVP Mike and most importantly, they failed to prevent this from happening again even though they are aware of such issue (as per MVP Mike.. he's been reporting since Winfixer days).

How it differs with other product vendors is in my opinion, other products vendors will not only fix/act/provide security notice or security response but will try to prevent it from happening again (unless of course there is a mistake on the fixes or another security issue affected old security issue that was fixed). It depends on the security issue though.

Others may have different opinion or views or answer to your question.

Regards,
Donna]]> http://www.dslreports.com/forum/remark,22425177 Thu, 21 May 2009 21:07:49 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22424739 hayc59 :

said by Comodo User :

Actually hayc59 i used to be a outpost user till i got fed up with buggy final builds, the closed clique that U call beta testing etc.

You have never ever used comodo firewall but all you do is moan & complain about the company doing the usual microsoft tactic of spreading FUD.

The reason i say that is you dont complain about the other cert sellers that still sell DV certs only complain about comodo.

Nowadays even a lot of paid apps include toolbars (google, yahoo, ask etc) & if folk just blindly click next & they get installed then it their own damn fault for not reading & checking things.

You dont like matousec testing when it started because he didnt give your beloved outpost top marks & you have been calling them dishonest & unreliable ever since comodo got top marks.

At least comodo engages with the users & listens to questions & suggestions etc unlike agnitum that ignore things for the most part, i dont see any agnitum staff posting in the OP forums.

Plus with comodo i can disable any call home function unlike OP that has hard coded rules to download so called news\ads.

I didnt post to start a argument, i only posted cause i have seen over the past few years that you go out of your way to disrespect comodo even though U dont use it & they have never done anything to you.

You are correct on one and only one issue! for a breif week sometime ago, I gave Comodo a whirl when it first hit the scene to test it and found it far inferior to Outpost[and still find it lacking all over] and gave it back as quickly as I took it!
I do not disrespect any inanimate object...never have or could comprehend how a human carbon life form can feel dis-respectful to a peice of software!!!
I only comment on your post because I find it intreging at the least...
--
ãrê ¥Øu êxpêriêncêD
Microsoft® MVP Consumer Security 2007-09
"Greater love has no one than this, that he lay down his life for his friends."
9/11/01 Never Forget]]> http://www.dslreports.com/forum/remark,22424739 Thu, 21 May 2009 19:39:12 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22422585 sded : I think the main issue still is that many users think that Comodo as a security company should use its tools to be sure that Comodo as a certificate issuer not provide/maintain DV certs to malware sites. Comodo has responded that they provide a free tool as a browser add-on that identifies such malicious sites so the users can do it themselves. Not a satisfactory answer to many from a security company. But I wouldn't use security software from Verisign or GoDaddy either-especially if they said go piss off when asked to check their certs for known malware sites.
If you use Opera 9.64, they have upgraded their padlock SSL indicator to show the class of the certificate used by a site, so at least you can tell if it is to be trusted. If you go to view/toolbars/customize/buttons/browser view you will find the icon that does it. If you click on the icon, you get more information about the status of the site-attached are the button and the page you get for a DV, showing it is encrypted but not trusted. Example is for the Comodo forums website, which uses a DV.
Presume the other browsers have something similar to expand on the "golden padlock" by now.

ssl tray icon
dv ssl warning

]]> http://www.dslreports.com/forum/remark,22422585 Thu, 21 May 2009 12:57:05 EDT Comodo responses? http://www.dslreports.com/forum/remark,22422181 EGeezer : Having read the various linked posts, I am not comfortable with Comodo as a certificate issuer. Since I have no way to differentiate the various levels of vetting in the free versus paid certificates, I've removed them from my trusted list until I see evidence from them that the process has been fixed.

As for their security applications, I don't use them, myself, but am curious about the notification and Comodo's responses

1) Did the Comodo security application(s) alert on the malware sites prior to any certificates being revoked(if they were revoked)? If not, I'd be quite upset if I were a user.

2) When the issue was reported, how long was it before they removed/revoked the malware site's certificates?

3) Did you follow the same public disclosure guidelines for Comodo as you would have for Microsoft or other vendors you would notify?

4) How long was it after you notified Comodo that you went public?

How did Comodo's response and timeframes differ from other product vendors, including Microsoft?

Thanks in advance for responses - they will be helpful in evaluating Comodo's actions relative to other vendors.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis]]> http://www.dslreports.com/forum/remark,22422181 Thu, 21 May 2009 11:49:34 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22421915 danny9 : dadkins, you have a way with words and tones.
Well written. :)]]> http://www.dslreports.com/forum/remark,22421915 Thu, 21 May 2009 10:58:16 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22421629 dadkins : Their firewall was ok, but not as good as matousec stated.
They have been doing shady things for years now and it seems that you are taking exception to anyone berating them for their actions.

If it walks like a duck, and quacks like a duck...

Bottom line, COMODO is a crap company.
They trashed BoClean.
Their firewall has been severely buggy and problematic.
They *ARE* issuing certs to malware producers.

Hmmm... yeah, I want me some of that! :uhh:

Guess you missed the Lavasoft fiasco and the fallout they caught for merely de-listing malware.
Wasn't pretty.
AdAware is no longer part of my toolbox - who knows what it will allow to stay. :huh:

By all means, keep using their software and patronizing a questionable company - no sweat off my ba... well, no worries here!

BTW, join DSLReports - It's FREE!

*EDIT*: For the record, I don't use any firewall. Not even Windows Firewall!
No brand loyalty here. :o
--
Think outside the Fox... Opera]]> http://www.dslreports.com/forum/remark,22421629 Thu, 21 May 2009 09:56:02 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22421021 anon : Actually hayc59 i used to be a outpost user till i got fed up with buggy final builds, the closed clique that U call beta testing etc.

You have never ever used comodo firewall but all you do is moan & complain about the company doing the usual microsoft tactic of spreading FUD.

The reason i say that is you dont complain about the other cert sellers that still sell DV certs only complain about comodo.

Nowadays even a lot of paid apps include toolbars (google, yahoo, ask etc) & if folk just blindly click next & they get installed then it their own damn fault for not reading & checking things.

You dont like matousec testing when it started because he didnt give your beloved outpost top marks & you have been calling them dishonest & unreliable ever since comodo got top marks.

At least comodo engages with the users & listens to questions & suggestions etc unlike agnitum that ignore things for the most part, i dont see any agnitum staff posting in the OP forums.

Plus with comodo i can disable any call home function unlike OP that has hard coded rules to download so called news\ads.

I didnt post to start a argument, i only posted cause i have seen over the past few years that you go out of your way to disrespect comodo even though U dont use it & they have never done anything to you.]]> http://www.dslreports.com/forum/remark,22421021 Thu, 21 May 2009 06:01:13 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22420961 TheAnalyzer : I usually stay with the security products I have chosen.

But I am very glad now that I changed my firewall product.

(I originally changed my firewall because CPF 2.4 was getting old).

But now I say:
NO comodo software anymore for me ! I say this because I do not agree with what comodo is doing ATM.

I bought a product from Agnitum now. I am running Outpost Pro. And I am very happy that I took this step. :)

TA
--
quod erat demonstrandum]]> http://www.dslreports.com/forum/remark,22420961 Thu, 21 May 2009 04:40:24 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22420875 mers2 : I'll back hayc59

up on character. If a security application he uses takes an action he considers wrong, he'll condemn that software just as much as one he may not use. And he's been consistent showing no favorites. ]]> http://www.dslreports.com/forum/remark,22420875 Thu, 21 May 2009 02:53:44 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22419748 hayc59 :

said by dadkins

said by Comodo User :

Hmm what a suprise, a Outpost forum moderator spreadin FUD about the competition.

Regardles of who anyone is... crap is crap.
COMODO is crap! :uhh:

Thank you and just so anyone else
is curious about my alliance with Outpost or any other
software that takes this disgusting route
I would be on Outpost/Agnitum rearend also if they took or take this route in the future....;)
--
ãrê ¥Øu êxpêriêncêD
Microsoft® MVP Consumer Security 2007-09
"Greater love has no one than this, that he lay down his life for his friends."
9/11/01 Never Forget]]> http://www.dslreports.com/forum/remark,22419748 Wed, 20 May 2009 21:29:50 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22419574 dadkins :

said by Comodo User :

Hmm what a suprise, a Outpost forum moderator spreadin FUD about the competition.

Regardles of who anyone is... crap is crap.
COMODO is crap! :uhh:
--
Think outside the Fox... Opera]]> http://www.dslreports.com/forum/remark,22419574 Wed, 20 May 2009 20:54:50 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22419523 hayc59 :

said by Comodo User :

Hmm what a suprise, a Outpost forum moderator spreadin FUD about the competition.

Actually I am a mod and BETA tester but also MVP
and has nothing to do with the competition
its the crap thats added to all the programs with this tool bar and other stuff...please get your facts correct before posting ignorant statements like that one!!
If you took the time and read through countless threads
and post about this issue and others ..I think you would have second guessed that post!!
but just incase you missed any of the thread I will repost them for you:
and inclosing I gave and give awesome kudos to Mike Nash...owner of Online Armor for telling ask.com where to put it on the tool bar issue....oppps he is competitor for Outpost....oh my ;)

Ask Toolbar in Online Armor Free? Nearly...
»onlinearmorpersonalfirewall.blog···rly.html

»www.calendarofupdates.com/update···ic=19279

»www.calendarofupdates.com/update···id=44516
--
ãrê ¥Øu êxpêriêncêD
Microsoft® MVP Consumer Security 2007-09
"Greater love has no one than this, that he lay down his life for his friends."
9/11/01 Never Forget]]> http://www.dslreports.com/forum/remark,22419523 Wed, 20 May 2009 20:43:48 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22415589 ashrc4 :

said by Comodo User :

Hmm what a suprise, a Outpost forum moderator spreadin FUD about the competition.

When's dslr bringing out their firewall. Carn't wait :)
EDIT : just thought i'd try attentsion diversion myself ;)
--
It's one thing to be sure of yourself. It's another to confuse people. If they weren't related to each other we wouldn't have a problem;~)]]> http://www.dslreports.com/forum/remark,22415589 Wed, 20 May 2009 07:28:18 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22415546 Grail Knight : As I said just because one part of a company performs poorly that does not make the whole company bad.

Trust me on this I pay attention to what is going on but do not get carried away with things.
--
“Facts not FUD."]]> http://www.dslreports.com/forum/remark,22415546 Wed, 20 May 2009 06:50:43 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22415512 anon : Hmm what a suprise, a Outpost forum moderator spreadin FUD about the competition.]]> http://www.dslreports.com/forum/remark,22415512 Wed, 20 May 2009 06:18:26 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22415485 ashrc4 :

said by ashrc4

:

If something was up with the firewall would they tell anyone?

It would seem elevating it's effectiveness isn't exactly an entirley foreign subject. :(

»Firewall Leak and HIPS test results
--
It's one thing to be sure of yourself. It's another to confuse people. If they weren't related to each other we wouldn't have a problem;~)]]> http://www.dslreports.com/forum/remark,22415485 Wed, 20 May 2009 05:43:39 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22415350 ashrc4 : If you can't trust comodo then how can you trust their firewall. They have numerous instances where they have covered up failures or tryed to change results. If something was up with the firewall would they tell anyone?
--
It's one thing to be sure of yourself. It's another to confuse people. If they weren't related to each other we wouldn't have a problem;~)]]> http://www.dslreports.com/forum/remark,22415350 Wed, 20 May 2009 03:19:43 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22414126 hayc59 :

said by Grail Knight

quote:
Hmmm. I'm beginning to eye my Comodo Firewall with suspicion. While it may be perfectly fine, I don't really trust the company, or their certs.

Grail..I do not know what else you need to see that is happening right before your very eyes!!
»www.calendarofupdates.com/update···try80635]]> http://www.dslreports.com/forum/remark,22414126 Tue, 19 May 2009 21:25:49 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22413866 Doctor Four : I too will keep using Comodo Firewall, despite the erosion of trust in the company. I did however dump their AV in favor of Avira Anti-Vir Free a few weeks ago.

I am looking at alternatives, but am not sure what other free firewall software offers similar features such as the ability to block IP addresses or entire ranges, HIPS, and so on.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
]]> http://www.dslreports.com/forum/remark,22413866 Tue, 19 May 2009 20:37:15 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22409690 TheAnalyzer : I think that Comodo firewall *may* be an excellent firewall product.
So 'technically' it might be very good.

But in *my* opinion there is also something else apart form the 'technical coding' of the product:

- Trusting the vendor of the product.

I had CFP 2.4 installed for a very long time. It served me very well. I have nothing bad to say about it.

But because of what I hear now about comodo, I do not trust them so much anymore.

Again that does not mean that they make bad products.

regards,

TA :)
--
quod erat demonstrandum]]> http://www.dslreports.com/forum/remark,22409690 Tue, 19 May 2009 04:53:25 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22409649 Grail Knight :

quote:
Hmmm. I'm beginning to eye my Comodo Firewall with suspicion. While it may be perfectly fine, I don't really trust the company, or their certs.

I will still use Comodo Firewall until it is proven that there is something amiss w/ it.

I can think of numerous companies where one part or division screws up well the rest of the companies cranks out excellent products.
--
“Facts not FUD."]]> http://www.dslreports.com/forum/remark,22409649 Tue, 19 May 2009 03:58:26 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22409442 sivran : Hmmm. I'm beginning to eye my Comodo Firewall with suspicion. While it may be perfectly fine, I don't really trust the company, or their certs.

Perhaps time to look at the last firewall poll and see if I can find one I like! (Comodo's Training Mode is super convenient, for sure)
--
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon profitable cause...]]> http://www.dslreports.com/forum/remark,22409442 Tue, 19 May 2009 01:10:50 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22408146 dadkins : Never liked COMODO...
This just reinforces my dislike. ]]> http://www.dslreports.com/forum/remark,22408146 Mon, 18 May 2009 20:14:44 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22408089 MarkAW : Trust was out the window a long time ago with Comodo IMO.A good example is what they are doing to BoClean.]]> http://www.dslreports.com/forum/remark,22408089 Mon, 18 May 2009 20:00:00 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22407822 hayc59 : I think that trust has been tarnished
alot and will take time to get it back]]> http://www.dslreports.com/forum/remark,22407822 Mon, 18 May 2009 18:55:33 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22406719 ColdinCbus : I totally agree with you. What I would like to see is that Comodo, at least, run the process through a database of rouge domains and IP addresses (I am pretty sure they are plugged into the same matrix we are if not even deeper in so they should have access to a pretty healthy list). That should flag some of the certificates for manual review. IT would be a step in the right direction for "Creating Trust Online".
--
Team Discovery Project Hope]]> http://www.dslreports.com/forum/remark,22406719 Mon, 18 May 2009 15:05:00 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22406651 coldmoon :

said by ColdinCbus

:

Other SSL Cert providers are doing the same thing. The issue is that Comodo also has a security product software line where the other cert providers don't.

This complicates things I am sure, but does not always mean that the commercial services "division" is set up to support or coordinate with the PC security side of things. While on a personal note I would suggest strongly that this should be tighter, there is no obligation on the part of a company to follow a specific business or operational model.

The litmus test here is what the competition will do and whether taking an opposing approach to the current models will result in:

1. Greater market share
2. A realignment of the certificate industry that focuses on real security

What is important now is that this is being debated and exposed to a wider audience. At the very least it should give competitors something to think about...

JMHO
Mike
--
Returnil - 21st Century body armor for your PC]]> http://www.dslreports.com/forum/remark,22406651 Mon, 18 May 2009 14:53:11 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22406516 Jrb2 :

said by hayc59

:

Jan sorry to say that thread @ wilders has been shut down

I know, Gordon.]]> http://www.dslreports.com/forum/remark,22406516 Mon, 18 May 2009 14:32:09 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22406441 TonyKlein : Mike has responded in his blog:

»msmvps.com/blogs/hostsnews/archi···604.aspx]]> http://www.dslreports.com/forum/remark,22406441 Mon, 18 May 2009 14:14:47 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22406386 hayc59 : Jan sorry to say that thread @ wilders has been shut down

Follow up..more has come to light on this
controversy and looking very strange
»www.calendarofupdates.com/update···try80612]]> http://www.dslreports.com/forum/remark,22406386 Mon, 18 May 2009 14:07:38 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22403734 Jrb2 : Thread at the Wilders board:
»www.wilderssecurity.com/showthre···t=242453

May I quote reply # 34 (from Wolfe) with which I fully agree:

quote:
It al boils down to this (emphasis is mine):

quote:
Today, the biggest issuers of DV certs are Verisign and Godaddy. They have continued issuing DV certs which caused likes of Comodo to offer it as well. If we didn't we would lose customer and the world would have no chance of fight back.

the bolded part from the quote above could well be translated as:

"My competitors in the auto sales branche do provide waranties for cars with failing brakes. Therefore, I must do one and the same, otherwise it would cost me money".

In my book that's by no means a justification; on the contrary. Knowing there's something totally wrong, stating in public one and the same - and persisting in doing the wrong thing can't be justified in any way. Symantics are of no importance here.

Comodo should keep the interest from the public in mind instead of focussing on loosing money/clients themselves. They willingly pick the wrong side.

Wether or not part of the competition is doing one and the same is of no importance; it's Comodo who solely is responsible for their actions. The same goes for the technical relevancy from certificates in question; that is not the real issue at hand here.

]]> http://www.dslreports.com/forum/remark,22403734 Sun, 17 May 2009 21:45:26 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22402440 ColdinCbus : Other SSL Cert providers are doing the same thing. The issue is that Comodo also has a security product software line where the other cert providers don't.
--
Team Discovery Project Hope]]> http://www.dslreports.com/forum/remark,22402440 Sun, 17 May 2009 15:23:10 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22401001 danny9 : Do you know if Comodo is the only one doing this or if it is a common practice among other vendors?
Just curious.
--
VoicePulse 07/29/04]]> http://www.dslreports.com/forum/remark,22401001 Sun, 17 May 2009 03:19:12 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22400265 mers2 : Absolutely incredible. Just reinforces my decision to not install ANY Comodo product nor will I recommend them to anyone else. ]]> http://www.dslreports.com/forum/remark,22400265 Sat, 16 May 2009 22:16:55 EDT Re: Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22400261 sded : Followup to »REMOVE Comodo Certificates from FireFox, Opera!!! ? I have Opera set up to warn me if any site tries to use a Comodo sponsored certificate.]]> http://www.dslreports.com/forum/remark,22400261 Sat, 16 May 2009 22:16:17 EDT Comodo continues to issue certificates to known Malware http://www.dslreports.com/forum/remark,22400172 hayc59 : I was following up on a list of malware sites posted on Dancho Danchev's Blog and yet again I find Comodo issuing certificates to these Malware writers. The reason I say again is I was given a "secret" email address at Comodo a while back to report these culprits ... however I was asked to keep it quiet.
Forum: COU
More Info: MSMVPS Blogs
--
ãrê ¥Øu êxpêriêncêD
Microsoft® MVP Consumer Security 2007-09
"Greater love has no one than this, that he lay down his life for his friends."
9/11/01 Never Forget]]> http://www.dslreports.com/forum/remark,22400172 Sat, 16 May 2009 21:47:42 EDT