Monday, May 25, 2009

Comodo . . . again

Hot on the heels of his report of Comodo issuing certificates to known malware, Microsoft MVP Mike Burgess has made another discovery, reported in "Oh Comodo here we go again!"

As Melih Abdulhayoglu, the President and CEO of Comodo, explained previously:
"Comodo cares for their security, so when someone gets a DV cert from Comodo, we do try to explain to them it is important that they get a higher validation certificate like OV (Organisation Validation) or EV (Extended Validation). This way at least we can convert some of the people who would have bought DV into validated customers."
Perhaps instead of explaining to the DV certificate customer, Comodo would do better to take a few minutes to conduct a simple WHOIS domain search. As Mike put it here:
"First I very rarely see a certificate issued by GoDaddy to these types of malware pushers ... now here is a tip ... perhaps the first clue would be to Google the domain name that wants to purchase a certificate ...


Yet "Iam Monkey_boy=) from the comodo forums" states:
"Comodo can't really be blamed if a site that has a certificate hosts malware"

Let me put a little perspective on this ... "Conficker systems being updated with SpywareProtect2009"
Conficker is now believed to be the largest computer worm infection since the 2003 ... and Comodo issued the certificate to "SpywareProtector-2009" ... now you can't tell me that this domain name isn't a cause for concern? It gives me chills to think how many people were duped into purchasing this product.

Now if it was my company and I found out we were involved (even remotely) in the largest infection since 2003 ... I'd certainly want to make some changes in our policy as to how these certificates are issued ... but that's just me ..."

and here
"Comodo states: "To get a DV cert all you need is a domain name and $15..and no background check about your identity is required." As I stated in a previous post ... perhaps you should at least check the domain name ... duh! that would be a good first clue ... but I guess the $15 is more important?"

