Hacker News

You have to wonder what form of authentication was used at Comodo's Registration Authority server that enabled it to be breached. Maybe an RSA SecurID token :-) (see http://steve.grc.com/2011/03/19/reverse-engineering-rsas-sta...). Seriously, I'd have thought the admin account on an RA server would require multiple approvals, on-site access or something. I guess we'll have to wait for the details to come out. Something like this is bound to eventually happen when you have so many trusted root SSL certs in play.


That will always be a problem with trusting some 3rd party for certificates; as soon as the number of trusted parties increases, these things can become more frequent.



