[Bug 310999]

Notordoktor 310999 at bugs.launchpad.net
Wed Mar 23 12:59:43 UTC 2011


So, how much is too much?

https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/

<snip>
This issue was reported to us by the *Comodo Group, Inc.*, the certificate authority *responsible* for issuing the fraudulent certificates.
</snip>

Comodo has a known history of doing sloppy verification and they even
bundle their "trusted" vendors list into their CIS product, which
results in users getting infected by malware:
http://forums.comodo.com/wishlist-cis/provide-an-option-to-remove-allselected-ctrlclick-trusted-software-vendors-t62449.0.html

<snip>
Thanks to the trusted vendor list, a trojan dropper signed by trend micro inc. was able to work successfully (good job Comodo!). When you add a trusted vendor list, all it does is provide one giant security hole for droppers which are falsely signed
</snip>

Let me repeat: So, how much is too much?

-- 
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to Mozilla.
https://bugs.launchpad.net/bugs/310999

Title:
  comodo seen issuing certificates unwisely
