shearer
Northern Lights
Premium
join:2002-06-18
Toronto, ON
clubs: | reply to hayc59
Re: Comodo Continues to Damage It's Reputation
Disabled Comodo certs on IE and Firefox. thanks for heads up |
|
onDvine
Premium
join:2005-01-29
So. CA, USA
clubs:
 ·Verizon Online DSL
| I'm still using Comodo version 2.4.18.184. Should I disable anything in Firefox? If so, where do I find the certs you referred to?
Don't use IE, but access one PhotoBucket account using Avant Browser (which is IE-based) to keep its cookies separate from another PhotoBucket account.
--
Be content with your lot; one cannot be first in everything. ▪Aesop |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
1 edit | In FF, it's under Tools|Options|Advanced|Encryption and then view certificates. Find Comodo, and click edit for each of them and uncheck the boxes. |
|
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
1 edit | I unchecked and deleted all Comodo certificates in Opera, Seamonkey and IE7 and haven't had any problems. |
|
KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
| reply to Its a Secret
Thanks for the tip! I need to do the same with IE8. But not sure how to?
said by Its a Secret  :In FF, it's under Tools|Options|Advanced|Encryption and then view certificates. Find Comodo, and click edit for each of them and uncheck the boxes. |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to Its a Secret
Simply unchecking Comodo certs is not enough. You must also uncheck for Add Trusted, Be Trusted and User Trust Network. They are all owned by Comodo. In Fx you cannot delete them. Well, you can but Fx will replace them next time you open the browser. Instead, disabling them as you have described is the correct and only effective way to do it in Fx.
In IE, UTN is User Trust Network. Click on Advanced tab and uncheck everything on each of them. Uncheck the Comodo one. Uncheck all A-Trust ones also.
In Opera, they are Add Trust, Comodo and UTN. You can uncheck both boxes or you can check both boxes. If you check both boxes then Opera will warn you before using the cert.
Fx3 is a mess for dealing with certs compared to earlier versions. In 1.5 if you have unchecked a cert, and you encounter a web site that uses a cert from that root issuer, Fx gives you a straightforward warning and asks if you want examine the cert, choose to never accept that cert, choose to accept it one time or always accept it. Fx3 is a great deal more complicated and you have to navigate through a bunch of windows designed to terrify the average user before Fx3 will allow you to examine the cert which is the first thing it should do like it does in 1.5. You need to examine the cert but Fx 3 thinks users are too dumb to do that (and a lot are).
Fx3 also is extremely misleading and lies to the user as it tells you that something is wrong with the web site. That is not true if you have unchecked all Root certs from Comodo! There is nothing necessarily wrong with the website. The user chose to uncheck those certs and unchecking them is the "problem". There could be something nasty at the website that uses one of those certs but not always. I keep GoDaddy unchecked because a lot of sites that are sleazy use GoDaddy because it is the cheapest. I want to know before I go to a secure site secured by GoDaddy. Fx 1.5 handles this correctly. Fx3 goes nuts. I just need to look at the cert (partly because I need to see who the issuer is) which Fx 1.5 understands and shows it to me immediately. Fx3 freaks out and makes it a hassle for me to examine the cert.
Mozilla is still seriously discussing yanking Comodo certs but the stumbling block appears to be that since that has never been done before they don't know how best to do it while causing the least disruption to users. At this point, I think they just need to yank them even if it causes some initial problems. I get chills every time I think about how Eddy Nigg was able to buy a cert for mozilla.com from a Comodo reseller with no attempt to check his identity. I think they should have yanked them back in January instead of the immense amount of discussion in the news group and the filing of bugs, etc. which is still ongoing.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
onDvine
Premium
join:2005-01-29
So. CA, USA
clubs:
·Verizon Online DSL
| reply to Its a Secret
said by Its a Secret :... Find Comodo, and click edit for each of them and uncheck the boxes. I did as suggested and found none of the boxes checked for any of 'em (see screen snapshot). Deleted all, but they were there again immediately when I reopened the section without doing anything else. Is it possible that since they're already unchecked, they have no ability to authorize anything? "Authorities" is the only tab that has anything in it at all. |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
 ·Shaw
| said by onDvine : Is it possible that since they're already unchecked, they have no ability to authorize anything? "Authorities" is the only tab that has anything in it at all. Yes, as confirmed by Mele20 , unchecking seems to be the only way. And yes, they won't be used to verify a site.
The other tabs should be empty unless you've added a cert to them.
--
"In the future, that which is not mandatory will be illegal"
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous |
|
siljaline
mind that delimiter
Premium
join:2002-10-12
Montreal, QC
·Bell Sympatico
| reply to onDvine
onDvine  have a look here for Certs in IE >
»www.mvps.org/winhelp2002/restric···#Setting |
|
onDvine
Premium
join:2005-01-29
So. CA, USA
clubs: | reply to Its a Secret
Thanks, Its a Secret . |
|
onDvine
Premium
join:2005-01-29
So. CA, USA
clubs:
·Verizon Online DSL
2 edits | reply to siljaline
Thank you, siljaline . I'm still using IE 6, and no sites in the Restricted zone are allowed to do anything.
2nd edit: Should've said IE 6 is what's installed. I don't actually use it, and only use Avant Browser (IE-based) to go to one site. |
|
Pentangle
With our thoughts we make the world.
Premium
join:2006-06-01
Vancouver BC
·Shaw
| reply to Its a Secret
said by Its a Secret :In FF, it's under Tools|Options|Advanced|Encryption and then view certificates. Find Comodo, and click edit for each of them and uncheck the boxes. What about the very large number of certificate authorities that are built into Firefox? Are they all considered to be safe?
--
Knowledge is learning something new every day. Wisdom is letting go of something every day.
|
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny | That's a good question. I guess we'll find out if the worm turns to bite us. |
|
onDvine
Premium
join:2005-01-29
So. CA, USA
clubs:
·Verizon Online DSL
1 edit | reply to Pentangle
said by Pentangle :... What about the very large number of certificate authorities that are built into Firefox? Are they all considered to be safe? I wondered that, too. Never looked there before and don't recognize most of the names. I have no dealings with America Online Inc. and unchecked boxes for their certificates shown in the screen snapshot above. The three two for AOL Time Warner Inc. had no boxes checked.
Below that is one in Spanish with two boxes out of three checked (detail shown in the screen snapshot above). I don't speak Spanish or go to Spanish language sites but hesitated to uncheck them because I don't understand what the heck any of the certificates are about/for.  Does anybody know if they're needed?
Sorry the above veers slightly off-topic: not about the Comodo certificates. |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw
| said by onDvine :I don't speak Spanish or go to Spanish language sites but hesitated to uncheck them because I don't understand what the heck any of the certificates are about/for. Does anybody know if they're needed? Try this for an explaination: »translate.google.ca/translate?hl···26sa%3DG
It looks like this cert issuer can verify ONLY web sites and email (i.e. encrypted or signed email), not software.
I tend to think this may be getting a bit overblown as an issue, however, you never know, do you?
You can always view the certificate though, if you have any doubts.
--
"In the future, that which is not mandatory will be illegal"
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous |
|
onDvine
Premium
join:2005-01-29
So. CA, USA
clubs:
·Verizon Online DSL
| Thank you. It looks like a very good explanation, if only I understood it. Am not among DSLR's more tech-savvy members.
... however, you never know, do you? ... Some others here might; I don't. I see so many unfamiliar names that are tempting to disable if checked, but experience has taught me not to check or uncheck stuff without knowing WTF I'm doing. 
... You can always view the certificate though, if you have any doubts. I did and as with the linked explanation, don't understand it.  Maybe one of these days I'll ask about certificates in the Mozilla section. Thanks again for your time and attention. |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw
| Always a pleasure.
All a certificate issuer does is verify that a person or organisation is who they say they are. Most have strict rules around that including lawyers, Notary Publics etc. and when, and only when, they are verified is a cert issued. Commercial certs are not cheap and for good reason.
There is a multitude of trust placed in these companies, and we can only hope the trust is not misplaced.
--
"In the future, that which is not mandatory will be illegal"
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous |
|
