Comodo hacker reveals Mozilla private key

Powered by SC Magazine
 

Only Comodo or hacker know this detail.

The self-proclaimed Iranian Comodo hacker has published the private RSA encryption key for Mozilla’s addons domain, which a British security firm confirmed could only have been known by the hacker or Comodo. 

For some real dumbs ... WHO STILL thinks I'm not the hacker, here is mozilla addon's certificate, check it's serial with one published on all the internet,” the hacker said in the latest of a flurry of posts on Pastebin. 

The private RSA key corresponded to the publicly available fake SSL certificate for addons.mozilla.org, according to Paul Mutton, security researcher at Bristish security firm, Netcraft.

“Only Comodo, the affiliate, or the hacker could have known this secret key,” said Mutton on Tuesday

Mozilla's addon domain was one of nine that were exposed to the fraudulently issued certificates.

The latest detail may settle ongoing doubts over the authenticity of the Comodo hacker’s claims. 

The Comodo hacker's release of a sample of DLL source code from the compromised server that was used to generate the fraudulant certificates fell short of concrete evidence.

“Comodo publishes the API that RAs [Registration Authority] used to integrate with its systems, so anybody could produce a similar DLL,” wrote Ars Technica’s Peter Wright. However he added that the DLL code was “pretty compelling” evidence that the person, at the very least, had some involvement in the hack.

The publication of RSA private key has produced a new threat, according to Netcraft's Mutton. 

"The publication of the private key introduces a widespread risk of man-in-the-middle attacks against Mozilla Add-ons users,” he said, adding that most browser users should be protected if they were using an updated version. 

The hacker's most recent Pastebin post sheds more light on exactly how he breached Comodo's certificate authority system, including a custom made keylogger. 

"After breach in insantssl.it, as you know default IIS configuration doesn't let you to do so much thing, getting SYSTEM (highest level in windows OS, like root in *nix) shell from that server with all updates installed and AVG Anti-Virus wasn't easy."

"After that I even installed keylogger on their server and I was monitoring administrators who logged in, keylogger was mine which bypasses all AV and Firewalls (including Kaspersky heuristic engine to Comodo Internet Security). So do not try to make it look simple."

Copyright © iTnews.com.au . All rights reserved.


Comodo hacker reveals Mozilla private key
 
 
 
Top Stories
Abbott brings back Science minister in cabinet reshuffle
Science tacked onto to Industry title.
 
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  19%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1920

Vote
Do you support the abolition of the Office of the Information Commissioner?