Officials at Comodo have acknowledged that two additional registration authority (RA) accounts affiliated with the company were compromised, a discovery made in the wake of the high-profile attack on the company that was disclosed last week. No forged certificates were issued as a result of the new compromises, the company says.

In a message on a discussion thread set up after the original attack on a Comodo registration authority, Robin Alden, CTO of Comodo, said that the company discovered the two further RA compromises during its investigation of the first attack. Alden did not furnish any other details about the new compromises.

“Two further RA accounts have since been compromised and had RA privileges withdrawn. No further mis-issued certificates have resulted from those compromises,” Alden said in the message about the new RA compromises.

Addressing a list of concerns about Comodo’s practices raised by customers and browser vendors in the wake of the attack, Alden said that the company is rolling out hardware-based two-factor authentication for its RA accounts, restricting RA logins by IP address and, until the token rollout is complete, manually reviewing all RA validation work before any certificate is issued.

“We are rolling out improved authentication for all RA accounts. We are implementing both IP address restriction and hardware based two-factor authentication. The rollout of two-factor tokens is in progress but will take another couple of weeks to complete. Until that process is complete Comodo will review 100% of all RA validation work before issuing any certificate,” Alden wrote.

The technical details of the attack on a Comodo-affiliated RA earlier this month are still unclear, although officials have said that the attacker got in through the account of one of its RAs and used that account’s issuance privileges to obtain fraudulent certificates for a number of domains belonging to Google, Mozilla, Skype and Yahoo.

Someone claiming to be the attacker responsible for the Comodo compromise has posted several messages to Pastebin with the purported details of the attack. On Monday the same person also posted the forged Mozilla certificate he had obtained, together with its private key. That key belongs to the mis-issued end-entity certificate, not to any Comodo CA: Alden said in the message on the Mozilla discussion thread that Comodo has determined that neither the company’s hardware security module (HSM) nor its private key material was compromised in the original or subsequent attacks. This is consistent with how the RA model failed here: an attacker who controls an RA account never needs the CA’s signing key, because the CA signs whatever a trusted RA submits as validated.

After the initial attack on Comodo became public, Mozilla officials called on Comodo to stop issuing end-entity certificates on behalf of its RAs directly from the root the company maintains, and instead to give each RA its own subordinate CA. Alden said that the company is in the process of moving to that model.

“We understand Mozilla’s request that we move to having a separate sub-CA certificate per RA. Currently many of our end entity certificates are issued from RA-specific sub-CAs but some (like this incident) are not. As a short-term measure we will move towards issuing all certificates from sub-CAs. Initially some of these will be Comodo-branded and there will not be a 1:1 match between RAs and sub-CAs, but we think this will give Mozilla the flexibility they seek in this regard. In the slightly longer term we will move to a sub-CA per RA,” Alden said.
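The per-RA sub-CA layout Alden describes is worth seeing in code, because it gives a CA a lever it lacks when end-entity certificates are signed straight from the root. The following is an added example written for this page in Go (1.18 or later, standard-library crypto/x509 only); it is not Comodo’s code and models none of Comodo’s systems. It builds a root, one pathlen:0 sub-CA per RA and a server certificate under each, then verifies the leaves. Every CA name, hostname and RA label in it is constructed, and removing a sub-CA from the intermediate pool stands in for revoking or distrusting it, since Go’s verifier does not consult CRLs here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hierarchy is a constructed three-tier PKI (not Comodo's): root, one sub-CA per RA, one server cert per RA.
type Hierarchy struct {
	Root   *x509.Certificate
	SubCAs map[string]*x509.Certificate // RA name -> that RA's sub-CA
	Leaves map[string]*x509.Certificate // RA name -> a server cert it issued
}

const site = "www.example.test" // constructed hostname, not a real deployment
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// template builds a CA template (cert-signing, basic constraints) or a server template (SAN = cn, serverAuth EKU).
func template(cn string, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.DNSNames = []string{cn}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// sign issues tmpl under parent with parentKey and parses the resulting DER back.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey))))
}

// BuildHierarchy issues the root, one sub-CA per RA, and one server cert per RA.
func BuildHierarchy(ras []string) *Hierarchy {
	rootKey := newKey()
	rootTmpl := template("Example Root CA", true)
	h := &Hierarchy{
		Root:   sign(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey), // self-signed
		SubCAs: map[string]*x509.Certificate{},
		Leaves: map[string]*x509.Certificate{},
	}
	for _, ra := range ras {
		subTmpl := template("Example Sub-CA for "+ra, true)
		subTmpl.MaxPathLenZero = true // pathlen:0 - may issue end-entity certs, never another CA
		subKey, leafKey := newKey(), newKey()
		h.SubCAs[ra] = sign(subTmpl, h.Root, &subKey.PublicKey, rootKey)
		h.Leaves[ra] = sign(template(site, false), h.SubCAs[ra], &leafKey.PublicKey, subKey)
	}
	return h
}

// VerifyLeaf validates ra's server cert against the root, trusting only the sub-CAs not in
// withdrawn (dropping one stands in for revoking it), and returns the issuing sub-CA's CN.
func VerifyLeaf(h *Hierarchy, ra string, withdrawn map[string]bool) (string, error) {
	leaf := h.Leaves[ra]
	if leaf == nil {
		return "", fmt.Errorf("unknown RA %q", ra)
	}
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(h.Root)
	for name, sub := range h.SubCAs {
		if !withdrawn[name] {
			inters.AddCert(sub)
		}
	}
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: site})
	if err != nil {
		return "", err
	}
	return chains[0][1].Subject.CommonName, nil // chain order: leaf, sub-CA, root
}

func main() {
	h := BuildHierarchy([]string{"RA-A", "RA-B"})
	withdrawn := map[string]bool{"RA-B": true} // RA-B has had its RA privileges withdrawn
	fmt.Println(VerifyLeaf(h, "RA-A", withdrawn)) // Example Sub-CA for RA-A <nil>
	fmt.Println(VerifyLeaf(h, "RA-B", withdrawn)) // empty issuer plus an unknown-authority error
}
```

Two properties fall out of the verification step. The validated chain names the sub-CA that signed the leaf, so a relying party, or the CA itself during an incident, can read off which RA stood behind a certificate; and withdrawing one RA’s sub-CA invalidates every certificate that RA ever issued while leaving the other RAs untouched, which is what withdrawing RA privileges ought to mean. In the flat model used in this incident, where the end-entity certificate came directly from the root, neither is available: nothing in the chain records the RA, and each mis-issued certificate has to be revoked on its own.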

Categories: Cryptography, Data Breaches, Vulnerabilities, Web Security

Comments (8)

  1. Anonymous

    Pretty amazing they basically trusted RAs with access to their private key, even if through some API or other. Why do entities like Mozilla and Microsoft (which amazingly force all their users to consent to their trustability decisions) even allow root certificates in their certificate stores without checking that the people with the matching private key have any clue what they’re on about?

    This is yet another blow to PKI. You can’t “live and learn” in this environment without risking massive compromises. Why are we still paying these people anything at all?

  2. TekDawg

    I for one certainly hope these engineers get their ducks in a row… I recently started using the FREE version of Comodo on multiple systems at home and find it to be far better than other vendors that I have paid what amounts to ransom for the privilege of having my systems slow down and still become infected by simply browsing over a web site. I am considering purchasing the Comodo product to deploy in a large corporate environment and will be watching this development very closely.

  3. Anonymous

    TekDawg, I hope you are aware that with some up-front effort you can easily create your own CA? Large corporate environments are a perfect place to deploy such a thing. The devil is in doing the administration and the rather steep learning curve for using the tools. But the tools are free and already there (openssl, nss) or easily obtainable (e.g. xca).

    Personally I wouldn’t trust a CA that obviously doesn’t know how to properly manage and mitigate risks that directly affect their core business. The cost of that going wrong easily surpasses the cost of running your own private, corporate CA.

  4. Antimedia

    Anonymous, if folks like Comodo, who specialize in this field, have trouble figuring out how to secure the CAs, what makes you think that a roll-your-own scenario would be any less subject to compromise?

    When we used Verisign for PKI, I was constantly amazed at the lack of sophistication in their authentication schemes. It got better over time, but initially it was ridiculous. Some parts still are. That you think doing it yourself would be better shows a lack of understanding of the difficulties involved in even understanding PKI, much less implementing it correctly.

    I have about ten years experience in it, and I can assure you that getting it all working right and maintaining it is non-trivial.

  5. EtherealMind

    For five hundred bucks a year for a single domain certificate, I expected a lot more attention to detail. How much profit have they raked out of this business instead of spending on correct security practices and audits. 

    Given that a certificate costs nothing but the security process and small bung to the browser makers, it’s inconceivable how they could screw up this bad. 

  6. Anonymous

    The whole PKI infrastructure is built on _trusted third party_. In a world where security had any value, Comodo would have to step down from PKI business-related services forever.

  7. Anonymous

    You seem to think these people are “specialists” as if this is some “professional” field that requires “unique” knowledge to maintain. That is simply complete crap and FUD. You also seem to think they are more secure than anyone else could possibly make their systems. Again, more FUD. At least on your own systems you can choose when, what, and how to audit. You also can change policy (i.e., improve it) on a whim rather than being reactive (as opposed to proactive) as any of these CAs tend to be.

    The only real difficulty is getting your root CA added so public net clients trust you. That’s the only thing these companies have of any value. The rest is little more than fluff.

    If you can accomplish the latter you are far better off and safer doing it all yourself.

    I’ve been in this over 18 years and I assure you it is trivial.
