The recent revelation of an attack on a registration authority affiliate of Comodo has sparked a broader discussion about Internet security and SSL certificates.
Comodo disclosed on Wednesday that the registration authority had been compromised in an attack on March 15 and that the username and password of a Comodo Trusted Partner in Southern Europe had been stolen. With these details the attacker managed to obtain nine digital certificates across seven domains, including login.yahoo.com, mail.google.com, login.skype.com and addons.mozilla.org, among others. However, Comodo discovered the attack within hours, and all the certificates were revoked, with one still in use. The company said that two IP addresses were assigned to an Iranian Internet Service Provider (ISP) and believes that the attack could be an effort by the Iranian government to spy on dissidents using Gmail, Skype and other services.
This issue has not only paved the way for arguments about possible government spying but has also underscored the very basic problem of proper authentication on the web and the Internet. However, Moxie Marlinspike, a well-publicized security researcher known especially for his research on attacking SSL, told CRN that it “is not viable” to revoke the process of existing certificate.