SIT735 - Comodo Hack: Dotti Fashion Risk Assessment & Mitigation

This report examines the impact of the Comodo certificate hack on Dotti Fashion, a medium-sized company that recently expanded its online presence. The compromise of the Comodo Certification Authority poses significant risks, including the potential compromise of Dotti's registration server, partner accounts, and user traffic redirection to fake sites. The report identifies issues such as the exploitation of the PKI environment, malware diffusion, and the installation of malicious codes. To mitigate these risks, the report proposes solutions such as appointing a security researcher, creating a SHA1 fingerprint map, regular website data backups, monitoring XSS and SQL injections, and implementing a web application firewall. Additional recommendations include enforcing strong passwords, removing the autofill option, dividing the network into manageable zones, revising security policies, educating employees, using VPNs, updating software and patches, utilizing an Intrusion Prevention System (IPS) and Next-Generation Firewall (NGFW), and conducting routine risk analysis and security audits. The report concludes by emphasizing the importance of proactive security measures to protect Dotti Fashion from potential cyber threats.