Comment 84 for bug 741528

Created attachment 522228
Hacker claim

Found a hacker's claim of responsibility at

Could be BS, but there are some testable claims
 - the name of the RA
 - the ceo's account
 - the "comodo username"
 - did the RA really have a trustdll.dll
 - was it C#
 - did it really hardcode in their password/username?

This is all depressingly plausible. Is trustdll.dll something Comodo distributes, or was that winning idea solely the RAs? Does it really take only a name and password, and do RAs typically leave those hardcoded into internet-connected systems?

Found a similar (unverified) claim in response to a Heise article on the subject, guy claiming to be a reseller (presumably restricted by DV checks at the RA or Comodo level?) who could get around that by calling the APIs directly and bypassing the app they were given.