Could be BS, but there are some testable claims
- the name of the RA
- the ceo's account
- the "comodo username"
- did the RA really have a trustdll.dll
- was it C#
- did it really hardcode in their password/username?
This is all depressingly plausible. Is trustdll.dll something Comodo distributes, or was that winning idea solely the RAs? Does it really take only a name and password, and do RAs typically leave those hardcoded into internet-connected systems?
Created attachment 522228
Hacker claim
Found a hacker's claim of responsibility at http:// pastebin. com/74KXCaEZ
Could be BS, but there are some testable claims
- the name of the RA
- the ceo's account
- the "comodo username"
- did the RA really have a trustdll.dll
- was it C#
- did it really hardcode in their password/username?
This is all depressingly plausible. Is trustdll.dll something Comodo distributes, or was that winning idea solely the RAs? Does it really take only a name and password, and do RAs typically leave those hardcoded into internet-connected systems?
Found a similar (unverified) claim in response to a Heise article on the subject, guy claiming to be a reseller (presumably restricted by DV checks at the RA or Comodo level?) who could get around that by calling the APIs directly and bypassing the app they were given. www.heise. de/security/ news/foren/ S-Kenne- ich-von- Comodo- nicht-anders- ich-kann- selber- solche- Zertifikate- ausstellen/ forum-196553/ msg-20015933/ read/
http://