Wednesday, March 30, 2011

Messages from the (purported) Comodo Hacker

The purported Comodo hacker has posted a number of documents on pastebin. The hacker claims to have used API access to generate the certificates mentioned in

Comodo has also recently announced that two additional resellers were also breached.

The documents are well worth a read to understand how web based infrastructure services might be breached, and where we might expect to see attacks in the future. API accessibility and vulnerable servers make for a nasty combination when a trust based infrastructure is in play.

No comments: