ProductsLogo
LogoStudy Documents
LogoAI Grader
LogoAI Answer
LogoAI Code Checker
LogoPlagiarism Checker
LogoAI Paraphraser
LogoAI Quiz
LogoAI Detector
PricingBlogAbout Us
logo

Comodo Certificate Fraud Hack and Its Implications on Dotti Fashion Organization

Verified

Added on  2023/06/10

|12
|957
|129
AI Summary
This presentation discusses the implications of Comodo certificate fraud hack on Dotti Fashion Organization. It highlights the risks and issues that the company may face due to the compromise of its digital certification integrity. The presentation also provides solutions to protect the company from cyber attacks, such as appointing a security researcher, creating a map of SHA1 fingerprints, monitoring XSS and SQL injections, and using special software like web application firewall.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
COMODO
CERTIFICATE
FRAUD HACK
STUDENT NAME
STUDENT NUMBER

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
ORGANIZATION
THE CHOSEN ORGANIZATION FOR
THE SCENARIO HERE IS DOTTI
FASHION ORGANIZATION
MEDIUM SIZED COMPANY AND
HAS RECENTLY GROWN IN
BUSINESS]
OPENED ITS ONLINE STORE
RECENTLY IN 2012 FOR
COMMERCIAL TRANSACTIONS
DEALS WITH FASHION ITEMS
Document Page
CONCERN
AFTER NEWS BROKE OUT THAT THE
CERTIFICATION AUTHORITY OR CA CALLED
COMODO WAS DUPED BY AN IRANIAN
HACKER IT CAUSED A MAJOR CONCERN IN
THE IT COMMUNITY.
THE COMMUNITY HAS EVEN URGED
PROMINENT COMPANIES LIKE MOZILLA
AND MICROSOFT TO REMOVE COMODO AS
A PROPER TRUSTABLE ROOT SECURITY
AUTHENTICATOR (PARKINSON, S.F., EMC
CORP, 2014).
THE DIGITAL CERTIFICATION INTEGRITY OF
THE COMPANY WAS COMPROMISED WHICH
CAN PUT THE COMPANY AT SERIOUS RISK
IF PROPER STEPS ARE NOT TAKEN.
Document Page
SECURITY RISKS
THE REGISTRATION SERVER OF THE
MENTIONED COMPANY (DOTTI) CAN
GET COMPROMISED DUE TO THE
CERTIFICATION HACK.
THE PARTNERS WHICH ARE CURRENTLY
WORKING FOR THE MENTIONED
COMPANY CAN ALSO GET
COMPROMISED AND THEIR
PASSWORDS AND LOGIN DETAILS CAN
BE STOLEN THROUGH THE EXPLOIT.
THE HACK COULD POTENTIALLY
TRANSFER THE USER TRAFFIC OF THE
COMPANY TO A FAKE SITE AND CAUSE
IRREPARABLE DAMAGE TO ITS
REPUTATION.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
CONTINUED…
DOTTI COULD ALSO GET AFFECTED BY
SEVERAL LAWSUITS DUE TO FAILURE OF
DISCOVERING THE VULNERABILITY AND
REVOKING IT AS SOON AS POSSIBLE.
THE BASIC SECURITY OF THE SITE WILL
GET COMPROMISED AND USERS WILL
REFUSE TO PERFORM ONLINE
COMMERCIAL TRANSACTIONS FROM
DOTTI’S WEBSITE WHICH WILL AFFECT
THEIR PROFIT MARGIN AS WELL (KHAN ET
AL. 2018).
HACKERS WILL BE ABLE TO INTERCEPT
THE SENSITIVE DATA THAT GOES
BETWEEN THE SITE AND THE BROWSER
WHICH IS NORMALLY ENCRYPTED
Document Page
ISSUES
THE HACKERS CAN USE THE COMODO
CERTIFICATE HACK AS A MEDIUM TO GET INTO
THE PKI ENVIRONMENT. THEY CAN USE THE
HACK TO IMPROVE THE DIFFUSION OF
MALWARES IN THE SERVER OF THE MENTIONED
COMPANY, DOTTI.
THEY CAN COMPROMISE THE BUILD SERVER OF
THE MENTIONED COMPANY BY SIGNING THE
MALWARE THROUGH OTHER DIGITAL
CERTIFICATES SUCH AS ADOBE ALONG WITH
COMODO TO INCREASE THE CHANCES OF FAIR
VALIDATION OF CODES.
THEY WILL ALSO HAVE THE CAPABILITY TO
INSTALL INFECTED ISAPI FILTER, PASSWORD
DUMPER AND A NUMBER OF MALICIOUS CODES.
THEY CAN ALSO CREATE NEW TROJANS WITH
THE STOLEN DIGITAL SIGNATURE AND ENHANCE
Document Page
SOLUTION
APPOINTING A SECURITY RESEARCHER
WHO WILL HAVE ACCESS TO THE SSL
BLACK LIST THAT HAS A COLLECTION OF
THE DIGITAL CERTIFICATES LIKE
COMODO WHICH ARE USED FOR
MALIGNOUS PURPOSES (DOTTI ONLINE
SHOP 2018).
CREATE A MAP OF SHA1 FINGERPRINTS
WHICH ARE LINKED TO BOTNET AND
MALWARE ACTIVITIES.
DOTTI NEEDS TO KEEP A TRACK ON THE
LATEST DIGITAL CERTIFICATE ABUSE
NEWS TO KEEP A TRACK ON INTERNET
SURVEILLANCE AND MALWARE
DISTRIBUTION.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
CONTINUED…
BACKING UP THE WEBSITE DATA
REGULARLY BY CREATING MANUAL AND
AUTOMATIC BACKUPS.
THE XSS OR CROSS SITE SCRIPTING AND
SQL INJECTIONS NEED TO BE MONITORED
CAREFULLY THROUGH QUERIES WHICH
ARE PARAMETERIZED TO CHECK
UNUSUAL INSERTION OF CODES IN THE
SERVER (COMODO CERTIFICATE HACK
2018).
SPECIAL SOFTWARE SUCH AS WEB
APPLICATION FIREWALL CAN BE USED BY
THE COMPANY TO FILTER ANY HACKING
ATTEMPTS AND PROVIDE AN EXTRA
LAYER OF PROTECTION
Document Page
CONTINUED…
USAGE OF STRONG PASSWORDS IS
MANDATORY AND DOUBLE
AUTHENTICATION SHOULD BE MADE
MANDATORY FOR EVERY USER OF THE
COMPANY’S WEBSITE.
TO PROTECT ITS CUSTOMERS, DOTTI
CAN REMOVE THE AUTO FILL OPTION
FROM ITS WEBSITE TO PREVENT THE
HACKERS FROM STEALING SENSITIVE
CUSTOMER INFORMATION
. THE COMPANY NEEDS TO APPOINT A
PROPER SECURITY TEAM WHICH WILL
HAVE THE ABILITY TO CHECK UPLOADED
FILES WITH SUSPICION AND MONITOR
THE ACTIVITY OF THE UPLOADED FILES.
Document Page
ONS
THE NETWORK OF THE COMPANY NEEDS TO BE
DIVIDED INTO MANAGEABLE ZONES AND FOR THE
WORKING TEAMS, MULTIFACTOR AUTHENTICATION
NEEDS TO BE PROVIDED TO MANAGE THE SCENARIO.
SECURITY POLICIES NEED TO BE REVISED AND
ENFORCED ACCORDINGLY TO PROVIDE STRONGER
DEFENCES THAT CAN RESPOND TO HTTP AS WELL AS
HTTPS ATTACKS.
EMPLOYEES NEED TO BE EDUCATED ABOUT THE
IMPORTANCE OF ACCESS CONTROLS,
AUTHENTICATION AND IDENTITY VERIFICATION.
VPN OR VIRTUAL PRIVATE NETWORKS NEEDS TO BE
USED TO PREVENT MAN IN THE MIDDLE ATTACKS.
THE SOFTWARE AND PATCHES NEEDS TO BE
CHECKED IF THEY ARE UP TO DATE TO PREVENT THE
LATEST THREATS.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
CONTINUED…
TO STOP THE ATTACKING SYSTEM AND
IDENTIFYING THE MALICIOUS ATTACKERS,
IPS OR INTRUSION PREVENTION SYSTEM
NEEDS TO BE USED.
TO CHECK THE CURRENT PERFORMANCE OF
THE NETWORK AND MAINTAIN THE
SECURITY GOALS FOR THE FUTURE, THE
COMPANY NEEDS TO INSTALL A NGFW OR
NEXT GENERATION FIREWALL AND INSTALL
APPROPRIATE ANTIVIRUSES.
A RISK ANALYSIS TEST NEEDS TO BE
PERFORMED AND A SECURITY AUDIT NEEDS
TO BE SCHEDULED IN A ROUTINE MANNER
TO CHECK THE VULNERABILITIES THAT THE
Document Page
REFERENCES
COMODO CERTIFICATE HACK—IT GETS WORSE - BRAVATEK.COM. [ONLINE] AVAILABLE AT:
HTTPS://BRAVATEK.COM/COMODO-CERTIFICATE-HACK-IT-GETS-WORSE/
DOTTI ONLINE SHOP | SHOP THE LATEST WOMENS CLOTHING, DRESSES & FASHION [ONLINE].
AVAILABLE AT: HTTPS://WWW.DOTTI.COM.AU/ [ACCESSED 2018]
KHAN, S., ZHANG, Z., ZHU, L., LI, M., SAFI, K., GUL, Q. AND CHEN, X., 2018. ACCOUNTABLE AND
TRANSPARENT TLS CERTIFICATE MANAGEMENT: AN ALTERNATE PUBLIC-KEY INFRASTRUCTURE
WITH VERIFIABLE TRUSTED PARTIES. SECURITY AND COMMUNICATION NETWORKS, 2018.
PARKINSON, S.F., EMC CORP, 2014. CERTIFICATE CROSSCHECKING BY MULTIPLE CERTIFICATE
AUTHORITIES. U.S. PATENT 8,850,208.
1 out of 12
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

© 2024   |   Zucol Services PVT LTD   |   All rights reserved.