As Internet users, we have always been taught to be mindful of the sites we visit, as some of them may very well be designed specifically to lure unsuspecting visitors into a fraudulent trap. Aside from checking the URL of the site that one is on or logging into, one of the biggest “rules” for web safety is to ensure that you are connecting securely to a website. This can be seen when one visits a page whose address begins with “https://” instead of the traditional “http://”, and in many cases (depending on the browser) sports an animated lock. What this does is verify that the connection between you and the server is free of eavesdroppers, and that the server you are connecting to belongs to the company, group, or organization that you intend.
In order to verify the identity of servers for these secure connections, large organizations known as “certificate authorities” (CAs) sell certificates that the server/site administrator configures on their end to establish their identity during secure data transactions. However, to ensure that your average shmuck can’t write his or her own certificate, these certificate authorities must validate the certificates as connections occur. To do this, the vendors of modern web browsers allow the certificate authorities to check the validity of a secure certificate with the authority’s server via the browser itself. In essence, the browser reads the certificate provided by the website and “phones home” to make sure it’s legitimate.
While this definitely helps to combat phishing and scam sites on the Internet, it is heavily dependent on the security of the certificate authorities’ infrastructure. After all, if a certificate authority could be hacked so that any otherwise invalid certificate was given the green light, it would not be of much use. This is why the developers of web browsers are very picky about who they allow to authorize secure certificates.
On Wednesday, certificate authority Comodo was the subject of a data breach in which hackers attempted to generate and obtain fraudulent security certificates so that they could pose as seemingly legitimate websites in order to harvest the security credentials and personal information of unsuspecting end-users.
While neither the identity of the person, persons, or group behind the breach nor their motive is known as of the time of writing (although the finger is currently being pointed at Iran), the important thing is that the intrusion was detected Wednesday morning and there have yet to be any reports of users victimized by the attack. However, in the aftermath of the breach, users are being urged to update their web browsers to the latest version to ensure that they are not susceptible to fraudulent websites.
As cruel as it may sound, I am honestly glad that this security breach occurred. You see, this event simply illustrated a fault in web security, a practice that is not bulletproof by any stretch of the imagination. Even with the rapid detection, this whole scenario could easily have been a lot worse. Imagine if the culprits had actually gone through with a plan and begun stealing personal information. Not a comforting thought, is it? With this experience under our belt, I honestly think the Internet as a whole needs to be re-evaluated in terms of security, and more importantly, users need to be aware that even with the security mechanisms in place now, the potential for a similar attack is always going to be lingering.
In regards to Comodo, I think it’s an understatement to say that they’ve lost a bit of credibility.