
Comodo Hacker


Heads of the Hydra. Malware for Network Devices

Network devices such as routers, access points and DSL modems are an integral part of today's home and small office networks. Typically, these devices will have been provided by a user’s ISP or bought to extend a user’s existing infrastructure and are usually managed by people who do not have any special technical knowledge. Often poorly configured and vulnerable, such devices are an easy target for network-based attacks, allowing cybercriminals to quickly and easily gain control over a network. Surprisingly perhaps, these seemingly innocuous devices can also offer a perfect hiding place for malware.

Introduction

Main security issues

The weakest link in any IT security chain is in fact the user, and this holds true for network threats and devices also. Small, user-friendly network devices that simply need to be plugged into the network are becoming more and more popular. Unfortunately, even the most attentive user cannot ensure that their equipment is 100% secure.

Watch your DNS!

The real security issue behind the Comodo hack

April 05, 2011 (@rogeragrimes)

News of an Iranian hacker duping certification authority Comodo into issuing digital certificates to one or more unauthorized parties has caused an uproar in the IT community, moving some critics to call for Microsoft and Mozilla to remove Comodo as a trusted root certification authority from the systems under their control.


Though the hacker managed his feat by first compromising a site containing a hard-coded logon name and password, then generating certificates for several well-known sites, including Google, Live.com, Skype, and Yahoo, I'm not bothered by the technical issue. Instead, my main concern over Public Key Infrastructure (PKI) and digital certification is that users don't understand it. For the most part, people don't care about digital certificates and the security they could provide.

PKI is not the culprit

First, I should point out that the PKI system didn't fail, at least after the compromise.

Solo Iranian hacker takes credit for Comodo certificate attack

News, March 27, 2011 08:39 PM ET

Computerworld - A solo Iranian hacker on Saturday claimed responsibility for stealing multiple SSL certificates belonging to some of the Web's biggest sites, including Google, Microsoft, Skype and Yahoo.


Early reaction from security experts was mixed, with some believing the hacker's claim, while others were dubious. Last week, conjecture had focused on a state-sponsored attack, perhaps funded or conducted by the Iranian government, that hacked a certificate reseller affiliated with U.S.-based Comodo. On March 23, Comodo acknowledged the attack, saying that eight days earlier, hackers had obtained nine bogus certificates for the log-on sites of Microsoft's Hotmail, Google's Gmail, the Internet phone and chat service Skype and Yahoo Mail.

Comodo hack may reshape browser security

Major browser makers are beginning to revisit how they handle Web authentication after last month's breach that allowed a hacker to impersonate sites including Google.com, Yahoo.com, and Skype.com.


The efforts are designed to remedy flaws in the odd way Web security is currently handled. Currently, everyone from the Tunisian government to a wireless carrier in the United Arab Emirates that implanted spyware on customers' BlackBerry devices and scores of German colleges are trusted to issue digital certificates for the largest and most popular sites on the Internet. Microsoft's manager for trustworthy computing, Bruce Cowper, told CNET that the company is "investigating mechanisms to help better secure" certificate authorities, which issue trusted digital certificates used to encrypt Web browsing, against this type of attack.

If the technology were widely adopted and glued into major browsers, that would have made last month's Comodo breach a non-event.

Behind Comodo hack, an insecure Web (roundup)

Independent Iranian Hacker Claims Responsibility for Comodo Hack

The hack that resulted in Comodo creating certificates for popular e-mail providers including Google Gmail, Yahoo Mail, and Microsoft Hotmail has been claimed as the work of an independent Iranian patriot.


A post made to data sharing site pastebin.com by a person going by the handle “comodohacker” claimed responsibility for the hack and described details of the attack. A second post provided source code apparently reverse-engineered as one of the parts of the attack. Whether the postings are authentic and accurate is, at present at least, a matter of conjecture. The post specifies a number of details that appear authentic. The writer fingers Italian Registration Authority GlobalTrust.it/InstantSSL.it (the same company operating under multiple names) as the weak link.

The alleged hacker also described some details of the hack itself.

Reasons for caution

So at least to some extent, the claim looks legitimate.

[C#] Another proof of Hack from Comodo Hacker

A message from Comodo Hacker