SIT735 Assessment: Comodo Certificate Hack Technical Report Analysis
Added on 2023/06/10
AI Summary
This technical report examines the Comodo Certificate Hack and its implications for a medium-sized online retail business, Dotti. The report details the security risks posed by the hack, including compromised digital certificates, potential for phishing, malware diffusion, and data breaches. It explores how the hack can compromise the integrity of Public Key Infrastructure (PKI) and expose the company to financial and reputational damage. The report proposes several solutions, such as appointing a security researcher, utilizing SSL blacklists, implementing strong password policies, creating data backups, monitoring for XSS and SQL injections, and utilizing a web application firewall. The report emphasizes the importance of prompt implementation of these measures to safeguard Dotti's online transactions, protect customer data, and prevent future cyberattacks, particularly given the company's recent expansion in the online fashion retail market.

Running head: COMODO CERTIFICATE HACK
COMODO CERTIFICATE HACK
Name of the University
Name of the student
Student number
Author Note

Executive summary
This assignment takes the effect of the Comodo certificate fraud hack on a particular
organization as its prime scenario. The Comodo certificate has been researched in detail, and
the risks that the hack poses to small and medium-sized enterprises dealing with online
transactions have been assessed. The technical report contains a brief introduction to the
topic and the aims of the investigation. The body of the report introduces the security
problem, the issues that it poses for the organization and the proposed solution to mitigate
or reduce those issues. The conclusion section summarises the report and assesses the
importance of the proposed solution. The recommendations section lists the steps that need
to be undertaken by the chosen company. The proposed solution for the discussed security
problem has been assessed and evaluated to provide a well-justified, feasible and
cost-effective solution to maintain the security integrity of the company.

Table of Contents
Introduction
Body
  About the chosen organization
  Reason for concern
  Security risks that the company can face
  Other major security issues
  Proposed solution
Conclusion
Recommendations
References

Introduction
This assignment provides a technical report on a particular organization with regard to the
Comodo certificate fraud hack. The organization assessed is a medium-sized organisation that
conducts commercial transactions electronically. The chosen organization is Dotti, which
employs approximately 100 people. The security risks that the certificate hack poses to the
organization have been assessed conclusively, and a well-justified, feasible and
cost-effective solution has been provided to maintain the integrity of the security
network.
Body
About the chosen organization
Dotti is an online fashion retail store that conducts its commercial transactions over the
internet. The medium-sized organization was founded more than a decade ago, but recently,
after its acquisition by The Just Group, the company has expanded extensively throughout New
Zealand and Australia. The company launched its online store in 2012 and plans to conquer
the fashion industry of Australia within a span of 10 years (Dotti Online Shop 2018). The
company deals in a number of fashion items such as dresses, tops, jackets, bottoms, shoes
and other accessories.
Reason for concern
Every company, including Dotti, has to use a digital certificate to identify who is
initiating a transaction and to associate that identity with a public key. The certificate is then associated
with the web service of the private company (here Dotti). The certificate is then recognized
by the CA or Certification Authority, which is an amalgamation of trusted parties. These
certificates are normally used for public key cryptography. Whenever a customer requests a
transaction from the mentioned company, the CA produces a digital certificate after
verifying the certificate of the applicant. This registration verification of the
certificates (of the customers) can be done by anyone, as the digital certificates are
maintained by the CA in a public register (Comodo certificate hack 2018). Every certificate
that is associated with Dotti is valid for a particular period of time.
After news broke that the Certification Authority (CA) called Comodo had been duped by an
Iranian hacker, it caused major concern in the IT community. The community has even urged
prominent companies like Mozilla and Microsoft to remove Comodo as a trusted root security
authenticator (Comodo hack may reshape browser security 2018). According to the statement of
the Iranian hacker, a site that had a hard-coded password and login name was compromised
first, and certificates were randomly generated for prominent websites such as Yahoo, Skype,
Live.com and Google to target the attack (LOO 2017). In this way, the Public Key
Infrastructure (PKI) and the digital certification integrity of the company were
compromised, which can put the company at serious risk if proper steps are not taken.
Security risks that the company can face
Because of the hack, major companies have been attacked since 2011 without prior
notification, which has had some serious repercussions. The registration server of the
mentioned company (Dotti) can be compromised as a result of the certification hack. The
partners currently working with the mentioned company can also be compromised, and their
passwords and login details can be stolen through the exploit. The exploit can be used to issue different
digital certificates and can be used in several countries if it is not discovered immediately,
causing huge damage to the company financially as well as in reputation (Independent
Iranian Hacker Claims Responsibility 2018). A website's legitimacy is validated through SSL
certificates, which assure users that they have connected to the actual site. The hack could
potentially transfer the user traffic of the company to a fake site and cause irreparable
damage to its reputation. Moreover, Dotti could also face several lawsuits for failing to
discover the vulnerability and revoke it as soon as possible. The basic security of the site
will be compromised and users will refuse to perform online commercial transactions on
Dotti's website, which will affect its profit margin as well. Hackers will be able to
intercept the sensitive data that passes between the site and the browser, which is normally
encrypted (Comodo hacker 2018).
Moreover, the generation of fraudulent certificates can allow the hackers to place attack
tools on the server itself that can be used to compromise it later. Even after the issuing
of the certificates is stopped, the hackers will still be able to compromise the system
internally. The CA infrastructure can be compromised and valuable user information such as
transaction credentials can be stolen, which can put Dotti at serious risk considering that
it has yet to become a large-scale corporation that can compete effectively in Australia
with its other retail competitors. The hackers can also plant a DDoS tool on the server,
which can remain dormant there for around 4 years if it is left undiscovered (How Cybercrime
Exploits Digital Certificates 2018). Data breaches will become common for the company, which
will result in the loss of its customers. The hackers will be able to carry out other
illicit activities such as malware diffusion, sabotage and cyber espionage.
Other major security issues
The hackers can use the Comodo certificate hack as a way into the PKI environment. They can
use the hack to improve the diffusion of malware on the server of the mentioned company,
Dotti. As Comodo is regarded as a trusted entity, the attackers can easily manipulate a
company's website to sign malicious code as well as to reduce the chances of malware
detection (Solo Iranian hacker takes credit for Comodo certificate 2018). The attackers can
also remotely install a Trojan on the company's server, disrupting every transaction that
happens in the database of the company. They can compromise the build server of the
mentioned company by signing the malware with other digital certificates such as Adobe along
with Comodo to increase the chances that the code is validated. They will also have the
capability to install an infected ISAPI filter, a password dumper and a number of other
malicious programs. They can also create new Trojans with the stolen digital signature and
enhance them to prevent detection.
Dotti, being an online fashion retailer, has to go through a number of digital signatures
to check which institution issued and which person signed each certificate. The Comodo
certificate hack can result in loss of identity for the customers, with serious
implications. The certificate hack could lead to the theft of other digital certificates and
valuable information with the help of malicious agents (Parkinson 2014). The associated
malicious certificate can fool users into thinking that a site is really Dotti's when it
isn't and is just a medium for phishing passwords and login IDs.
Proposed solution
The proposed solution for Dotti for tackling the mentioned situation is to appoint a
security researcher who will have access to the SSL blacklist, a collection of the digital
certificates, like Comodo, that are used for malicious purposes (Zhu, Amann and
Heidemann 2016). This list was created by a Swiss organization named abuse.ch and has
been part of major investigations regarding botnets and Trojan viruses. To conduct online
commercial transactions securely, checking the SSL blacklist from time to time is a
well-justified and cost-effective solution. Dotti can also create a map of SHA1 fingerprints
that are linked to botnet and malware activities. The blacklist will also enable the
mentioned company to detect C&C traffic like Shylock and VMZeuS (Specter 2016). Dotti needs
to keep track of the latest digital certificate abuse news to stay informed about internet
surveillance and malware distribution. The list will allow Dotti to prevent cyber-attacks
and keep its online transactions secure in the future. The security expert, if appointed by
the company, will be able to deal with future botnet and malware operations reliably once
the database of affected certificates, like the Comodo certificate, matures (Tschofenig and
Gondrom 2013).
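The fingerprint map described above can be kept as a simple lookup table, shown here as an added example that is not part of the original report. The CSV column layout (listing date, SHA1, reason), the sample rows and the stand-in certificate bytes are constructed assumptions; a fingerprint is a hash over raw bytes, so the stand-ins are not real X.509 certificates.

```python
import csv
import hashlib
import io
import ssl

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
# A fingerprint is a hash over the raw bytes, so any byte string illustrates it.
LISTED_PEM = ssl.DER_cert_to_PEM_cert(b"constructed DER bytes: listed certificate")
CLEAN_PEM = ssl.DER_cert_to_PEM_cert(b"constructed DER bytes: unlisted certificate")


def sha1_fingerprint(pem: str) -> str:
    """Return the SHA-1 fingerprint of a PEM certificate as lowercase hex.

    SHA-1 is used only as a lookup key here, because the map is keyed on it.
    """
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha1(der).hexdigest()


def normalise(fingerprint: str) -> str:
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex; return 40 lowercase hex chars."""
    cleaned = "".join(ch for ch in fingerprint.lower() if ch not in ": \t")
    if len(cleaned) != 40 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError(f"not a SHA-1 fingerprint: {fingerprint!r}")
    return cleaned


def load_blacklist(text: str) -> dict:
    """Build the fingerprint map from CSV rows of 'date,SHA1,reason'.

    Lines starting with '#' are comments. Malformed rows are skipped instead of
    aborting the load, so one bad line cannot empty the whole map.
    """
    listed = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 3 or row[0].lstrip().startswith("#"):
            continue
        try:
            key = normalise(row[1])
        except ValueError:
            continue
        listed[key] = {"listed_on": row[0].strip(), "reason": row[2].strip()}
    return listed


def check_certificate(pem: str, blacklist: dict) -> dict:
    """Look a certificate up in the map and report why it is listed, if it is."""
    fp = sha1_fingerprint(pem)
    hit = blacklist.get(fp)
    return {"sha1": fp, "listed": hit is not None, "reason": hit["reason"] if hit else None}


def colon_upper(hex_fp: str) -> str:
    """Render a fingerprint the way certificate viewers usually show it."""
    return ":".join(hex_fp[i:i + 2] for i in range(0, 40, 2)).upper()


# Constructed sample list: one real hit, one malformed row, one unrelated entry.
SAMPLE_CSV = "\n".join([
    "# Listingdate,SHA1,Listingreason  (constructed sample)",
    f"2014-07-01 10:00:00,{colon_upper(sha1_fingerprint(LISTED_PEM))},Shylock C&C",
    "2014-07-02 11:30:00,not-a-fingerprint,malformed row",
    "2014-07-03 09:15:00," + "0f" * 20 + ",VMZeuS C&C",
])

if __name__ == "__main__":
    blacklist = load_blacklist(SAMPLE_CSV)
    for label, pem in (("listed", LISTED_PEM), ("clean", CLEAN_PEM)):
        print(label, check_certificate(pem, blacklist))
```

A lookup like this only catches certificates that are already listed, so it complements certificate validation and revocation checking and does not replace them.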
The company needs to update its software regularly to prevent the hackers from getting a
backdoor into the online transaction server. The risks from the Comodo certificate hack can
also be reduced by backing up the website data regularly through manual and automatic
backups. XSS (cross-site scripting) and SQL injection need to be monitored carefully through
parameterized queries to check for unusual insertion of code on the server of the mentioned
company (Weaknesses in SSL certification exposed by Comodo security 2018). The use of strong
passwords is mandatory, and double authentication should be made mandatory for every user of
the company's website. The second password can be created through SMS or hard and soft
tokens (Khan et al. 2018). The hack could potentially transfer the user traffic of the
company to a fake site and cause irreparable damage to its reputation. Moreover, Dotti could
also face several lawsuits for failing to discover the vulnerability and revoke it as soon
as possible. The company needs to appoint a proper security team that will be able to treat
uploaded files with suspicion and monitor their activity.
Special software such as a web application firewall can be used by the company to filter
hacking attempts and provide an extra layer of protection. To protect its customers, Dotti
can remove the autofill option from its website to prevent hackers from stealing sensitive
customer information (Preneel 2015).
Dotti can also create its own register of digital certificates, just like Google (which has
its own database known as the Certificate Transparency Project), to detect SSL certificates
which are wrongfully issued by a CA like Comodo from a certificate authority which is
unimpeachable.
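A minimal form of such a register check, as an added example that is not part of the original report: certificates Dotti has actually requested are recorded by fingerprint, and any observed certificate that names a Dotti host but is missing from the register is flagged. The record layout, CA names, fingerprints and every host name other than dotti.com.au are constructed assumptions.

```python
from dataclasses import dataclass

OWNED_DOMAINS = ("dotti.com.au",)  # the retailer's domain, from the page's references


@dataclass(frozen=True)
class CertRecord:
    sha256: str   # certificate fingerprint (constructed values below)
    issuer: str   # issuing CA as shown in the certificate
    names: tuple  # DNS names the certificate is valid for


def names_owned_host(name: str, owned=OWNED_DOMAINS) -> bool:
    """True if a certificate name is an owned domain or a host beneath it.

    Matching is on whole DNS labels, so look-alikes such as
    'dotti.com.au.example.net' or 'notdotti.com.au' do not count.
    """
    host = name.strip().lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]  # a wildcard covers hosts under this suffix
    return any(host == d or host.endswith("." + d) for d in owned)


def audit(observed, register):
    """Flag observed certificates that name our hosts but are not in the register."""
    known = {c.sha256 for c in register}
    usual_issuers = {c.issuer for c in register}
    findings = []
    for cert in observed:
        ours = tuple(n for n in cert.names if names_owned_host(n))
        if not ours or cert.sha256 in known:
            continue  # not about our hosts, or a certificate we requested
        findings.append({
            "sha256": cert.sha256,
            "names": ours,
            "issuer": cert.issuer,
            # Triage hint: an unregistered certificate from a CA we never use
            # deserves the fastest follow-up with that CA.
            "issuer_seen_before": cert.issuer in usual_issuers,
        })
    return findings


# Constructed register: the one certificate the company requested itself.
REGISTER = [
    CertRecord("a1" * 32, "Constructed CA One", ("dotti.com.au", "www.dotti.com.au")),
]

# Constructed observations, e.g. entries collected from public certificate logs.
OBSERVED = [
    REGISTER[0],
    CertRecord("b2" * 32, "Constructed CA Two", ("www.dotti.com.au",)),
    CertRecord("c3" * 32, "Constructed CA One", ("*.shop.dotti.com.au", "cdn.example.net")),
    CertRecord("d4" * 32, "Constructed CA Two", ("dotti.com.au.example.net", "notdotti.com.au")),
]

if __name__ == "__main__":
    for finding in audit(OBSERVED, REGISTER):
        print(finding)
```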
Conclusion
To conclude the report, Dotti needs to properly enforce the proposed solution as soon as
possible to prevent any future damage to its reputation. In this technical report, the cyber
security issue has been discussed conclusively and the seriousness of the concern has been
highlighted with respect to the mentioned company. The report discusses the risks that the
company can face due to the Comodo certificate hack and proposes several solutions that can
be implemented to reduce the chances of a security threat from the discussed problem. The
company needs to implement proper public key cryptography and impose several authentication
steps to prevent the loss of information during an online transaction. As the company has
recently started its online fashion retail platform, the solutions need to be implemented
immediately so that the company can stay ahead of its competitors in terms of customer
information security and data integrity.
Recommendations
To prevent the Comodo certificate hack from affecting its organizational performance
and online transactions, Dotti needs to consider the following recommendations:
• A risk analysis test needs to be performed and a security audit needs to be scheduled
routinely to check the vulnerabilities that the company is facing.
• To check the current performance of the network and maintain the security goals for
the future, the company needs to install an NGFW (next-generation firewall) and
appropriate antivirus software (Modi 2016).
• To stop the attacking system and identify the malicious attackers, an IPS (intrusion
prevention system) needs to be used.
• Software and patches need to be checked to confirm they are up to date, to protect
against the latest threats.
• A VPN (virtual private network) needs to be used to prevent man-in-the-middle
attacks.
• Employees need to be educated about the importance of access controls,
authentication and identity verification.
• Security policies need to be revised and enforced accordingly to provide stronger
defences that can respond to HTTP as well as HTTPS attacks.
• The network of the company needs to be divided into manageable zones, and
multifactor authentication needs to be provided for the working teams to manage the
mentioned scenario.

References
Comodo certificate hack - it gets worse - bravatek.com. [online] Available at:
https://bravatek.com/comodo-certificate-hack-it-gets-worse/
Comodo hack may reshape browser security - CNET. [online] Available at:
https://www.cnet.com/news/comodo-hack-may-reshape-browser-security/ [Accessed 2018].
Comodo hacker: I hacked DigiNotar too; other CAs breached .... [online] Available at:
https://arstechnica.com/information-technology/2011/09/comodo-hacker-i-hacked-diginotar-too-other-cas-breached/
[Accessed 2018].
Dotti Online Shop | Shop the Latest Womens Clothing, Dresses & Fashion [online].
Available at: https://www.dotti.com.au/ [Accessed 2018].
How Cybercrime Exploits Digital Certificates. [online] Available at:
https://resources.infosecinstitute.com/cybercrime-exploits-digital-certificates/ [Accessed 2018].
Independent Iranian Hacker Claims Responsibility for .... [online] Available at:
https://www.wired.com/2011/03/comodo-hack/ [Accessed 2018].
Khan, S., Zhang, Z., Zhu, L., Li, M., Safi, K., Gul, Q. and Chen, X., 2018. Accountable and
Transparent TLS Certificate Management: An Alternate Public-Key Infrastructure with
Verifiable Trusted Parties. Security and Communication Networks, 2018.
LOO, W.S., 2017. Digital certificates: success or failure?
Modi, S.N., 2016. ROLE OF TRUSTMARK IN ECOMMERCE. International Journal for
Innovations in Engineering, Management and Technology, 1(1), pp.35-40.
Parkinson, S.F., EMC Corp, 2014. Certificate crosschecking by multiple certificate authorities. U.S. Patent 8,850,208.
Preneel, B., 2015, May. Cryptography and Information Security in the Post-Snowden Era. In TELERISE@ ICSE (p. 1).
Solo Iranian hacker takes credit for Comodo certificate .... [online] Available at: https://www.computerworld.com/article/2507258/security0/solo-iranian-hacker-takes-credit-for-comodo-certificate-attack.html [Accessed 2018].
Specter, M.A., 2016. The economics of cryptographic trust: understanding certificate authorities (Doctoral dissertation, Massachusetts Institute of Technology).
Tschofenig, H. and Gondrom, T., 2013. Standardizing the Next Generation Public Key Infrastructure. In Proc. of the Workshop on Improving Trust in the Online Market-place.
Weaknesses in SSL certification exposed by Comodo security .... [online] Available at: https://www.infoworld.com/article/2623829/authentication/weaknesses-in-ssl-certification-exposed-by-comodo-security-breach.html [Accessed 2018].
Zhu, L., Amann, J. and Heidemann, J., 2016, March. Measuring the latency and pervasiveness of TLS certificate revocation. In International Conference on Passive and Active Network Measurement (pp. 16-29). Springer, Cham.
Parkinson, S.F., EMC Corp, 2014. Certificate crosschecking by multiple certificate
authorities. U.S. Patent 8,850,208.
Preneel, B., 2015, May. Cryptography and Information Security in the Post-Snowden Era.
In TELERISE@ ICSE (p. 1).
Solo Iranian hacker takes credit for Comodo certificate .... [online] Available at:
https://www.computerworld.com/article/2507258/security0/solo-iranian-hacker-takes-credit-
for-comodo-certificate-attack.html [Accessed 2018].
Specter, M.A., 2016. The economics of cryptographic trust: understanding certificate
authorities (Doctoral dissertation, Massachusetts Institute of Technology).
Tschofenig, H. and Gondrom, T., 2013. Standardizing the Next Generation Public Key
Infrastructure. In Proc. of the Workshop on Improving Trust in the Online Market-place.
Weaknesses in SSL certification exposed by Comodo security .... [online] Available at:
https://www.infoworld.com/article/2623829/authentication/weaknesses-in-ssl-certification-
exposed-by-comodo-security-breach.html [Accessed 2018].
Zhu, L., Amann, J. and Heidemann, J., 2016, March. Measuring the latency and
pervasiveness of TLS certificate revocation. In International Conference on Passive and
Active Network Measurement (pp. 16-29). Springer, Cham.
1 out of 12
Related Documents

Your All-in-One AI-Powered Toolkit for Academic Success.
Ā +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
Ā© 2024 Ā | Ā Zucol Services PVT LTD Ā | Ā All rights reserved.