Given proper circumstances, the resulting certificates could be used to spoof content, conduct phishing attacks, and/or perform man-in-the-middle attacks against all popular browsers, across many platforms. Using these certificates, the attacker could redirect a victim to a forged Firefox plug-in download page, and deliver them malicious add-ons to install. The certificate would appear valid to the the browser, so there would be no warning to the user that something was amiss. At that point, the attacker could control the lion's share of computer's in American homes.
However, upon discovery, all certificates were revoked. This will make using the forged certificates much more difficult, and much less far reaching (unless other key components of our Internet infrastructure are also compromised, namely our DNS systems). Comodo could only verify that one of the certificates generated was actually received by the attacker. Comodo reported, "Our systems indicate that when this one certificate was first tested it received a 'revoked' response from our OCSP responders. The site in Iran on which the certificate was tested quickly became unavailable."
It is believed that "this was likely to be a state-driven attack".
At least it looks that way. Of course - in cyberspace - things aren't always what they seem. The attack could have just as easily been conducted by an American Warhawk, who compromised a system in Iran, and launched the attack from there. However, Comodo reported that, "The Iranian government has recently attacked other encrypted methods of communication."
In order to use these certificates maliciously, there would have to be additional DNS tom-foolery. Do the attackers already have that piece of the attack 'in the bag'?
You may recognize some of these domain names. It looks like this was an attack against communications, as opposed to banks or online-shopping sites, as a criminal might attempt.
In any event - even though the certificates in question were revoked, Microsoft released a patch. If you are running windows, you should apply that patch.
From the comodo release:
Fraudulently issued certificates
9 certificates were issued as follows:
Domain: mail.google.com [NOT seen live on the internet]
Serial: 047ECBE9FCA55F7BD09EAE36E10CAE1E
Domain: www.google.com [NOT seen live on the internet]
Serial: 00F5C86AF36162F13A64F54F6DC9587C06
Domain: login.yahoo.com [Seen live on the internet]
Serial: 00D7558FDAF5F1105BB213282B707729A3
Domain: login.yahoo.com [NOT seen live on the internet]
Serial: 392A434F0E07DF1F8AA305DE34E0C229
Domain: login.yahoo.com [NOT seen live on the internet]
Serial: 3E75CED46B693021218830AE86A82A71
Domain: login.skype.com [NOT seen live on the internet]
Serial: 00E9028B9578E415DC1A710A2B88154447
Domain: addons.mozilla.org [NOT seen live on the internet]
Serial: 009239D5348F40D1695A745470E1F23F43
Domain: login.live.com [NOT seen live on the internet]
Serial: 00B0B7133ED096F9B56FAE91C874BD3AC0
Domain: global trustee [NOT seen live on the internet]
Serial: 00D8F35F4EB7872B2DAB0692E315382FB0
Fraudulently issued certificates.. but this related with some big companies such as yahoo, google.
ReplyDeleteThis professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:
ReplyDelete-Phone hacks (remotely)
-Credit repair
-Bitcoin recovery (any cryptocurrency)
-Make money from home (USA only)
-Social media hacks
-Website hacks
-Erase criminal records (USA & Canada only)
-Grade change
-funds recovery
Email: onlineghosthacker247@ gmail .com