Comodo Reseller Client Information Exposed in SQL Injection Attack
Browser security is in the spotlight once again after another Comodo partner suffered a data breach in which cyber-criminals gained access to client data. Eweek.com reported this on May 25, 2011.
The attack used SQL injection to gain access to certificate signing requests and to leak customer data from ComodoBR. The leaked information was then published on Pastebin, a text-sharing website, in entries dated May 21 and May 22, 2011.
The stolen information contained the name of the certificate authority, certificate request, order number, name of the private key file, phone number, fax, e-mail and other particulars.
Customer details such as addresses, telephone numbers, organization names, domain names, web-server types and their serial numbers are also included in the stolen data.
In an SQL injection attack, database queries are inserted into the website, often disguised as a comment or entered in a field on an online form. If the submitted text is not properly processed, the injected code runs against the database and the results are sent back to the cyber-criminal.
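The mechanism described above, shown as an added example that is not from the article or from Comodo: a form-field lookup built by string concatenation beside its parameterized and validated forms. The `orders` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory order table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (order_no TEXT, org TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [("1001", "Example Org A", "admin@a.example"),
         ("1002", "Example Org B", "admin@b.example"),
         ("1003", "Example Org C", "admin@c.example")],
    )
    return db

def lookup_vulnerable(db, order_no):
    # Weak form: the field value is pasted into the SQL text, so quote
    # characters in it change the structure of the statement.
    sql = ("SELECT order_no, org, email FROM orders "
           "WHERE order_no = '" + order_no + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, order_no):
    # Hardened form: the value is bound as data and never parsed as SQL.
    sql = "SELECT order_no, org, email FROM orders WHERE order_no = ?"
    return db.execute(sql, (order_no,)).fetchall()

def lookup_validated(db, order_no):
    # Defence in depth: refuse anything that is not a plain order number
    # before it reaches the database layer at all.
    if not (order_no.isascii() and order_no.isdigit() and len(order_no) <= 12):
        raise ValueError("order number must be 1-12 digits")
    return lookup_parameterized(db, order_no)

# Constructed form input of the kind the paragraph describes.
FIELD = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", len(lookup_vulnerable(db, FIELD)), "rows returned")
    print("parameterized:", len(lookup_parameterized(db, FIELD)), "rows returned")
    try:
        lookup_validated(db, FIELD)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```

The concatenated query returns every customer row for one crafted field value, while the bound parameter is compared as a literal string and matches nothing.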
Melih Abdulhayoglu, CEO and president of Comodo, stated that nobody had compromised the company's computers, that no certificates had been issued because of the breach, and that the reseller in Brazil could no longer reach its databases. In short, it was an SQL attack against a Brazilian firm that sold a few Comodo products, he e-mailed. Webhost Industry Review reported this on May 25, 2011.
Recently, in March 2011, an Italian reseller of Comodo products was hit by an SQL injection attack in which its login details were stolen. A hacker from Iran admitted carrying out the attack, in which he crafted fake Secure Sockets Layer (SSL) certificates for leading web domains of Skype, Yahoo, Microsoft and Google.
Nevertheless, leading software companies are looking for ways to strengthen the process of verifying certificates and to stop website spoofing.
Peter Eckersley, senior staff technologist at the Electronic Frontier Foundation, says websites can enhance their security by declaring the certificate provider they use. Eweek.com reported this.
» SPAMfighter News - 08-06-2011