Comodo issued fraudlent certificates

login.live.com, mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org "Global Trustee" certificates were issued to untrusted third party...

Hacker Takes Credit For Attack on Comodo

Someone claiming to be the person behind last week’s attack on a registration authority tied to Comodo has posted an explanation of the methods he supposedly used and the reasons for the attack. The rambling, disjointed message claims that the Comodo attack was not the act of an organized,...

Comodo Hacker - "Comodogate" Iranian hacker claims all internet is insecure !

Comodo Hacker - "Comodogate" Iranian hacker claims all internet is insecure Message By Comodo Hacker : Hello I'm writing this to the world, so you'll know more about me.. At first I want to give some points, so you'll be sure I'm the hacker: I hacked Comodo from InstantSSL.it, their CEO's e-mail...

Mozilla Says It Erred in Not Disclosing Comodo Attack Earlier

Just days after news emerged of the attack on a registration authority in Europe tied to Comodo that caused the revocation of a number of fraudulent certificates from the major browsers, Mozilla officials have admitted that they made a mistake by not disclosing the details of the incident to its...

Iran Hackers targets Gmail and Skype with fake SSL hack !

Iran has tricked a web firm into issuing fake security certificates for Gmail, Skype, Hotmail and more. Comodo Group, a US-based certificate authority firm with 15% of the market, admitted that one of its affiliate's accounts in Southern Europe had been hacked, letting the attackers create fake S...

Fraudulent Comodo Certificates HTTPS Spoofing

A security breach had been reported at Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Nine of Comodo's digital certificates had been signed on behalf of a third party without sufficiently validating its...

Phony SSL Certificates issued for Google, Yahoo, Skype, Others

UPDATED: A major issuer of secure socket layer SSL certificates acknowledged on Wednesday that it had issued 9 fraudulent SSL certificates to seven Web domains, including those for Google.com, Yahoo.com and Skype.com following a security compromise at an affiliate firm. The attack originated from...

seamonkey security update

1.0.9-68.0.1.el48 - Add mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html and remove corresponding RedHat ones 1.0.9-68.el4 - Added fixes for mozbz642395 - ignore bogus Comodo certificates...

thunderbird security and bug fix update

3.1.9-3.0.1.el60 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball 3.1.9-3 - Added fixes for mozbz642395 - ignore bogus Comodo certificates 3.1.9-2 - Update to 3.1.9...

Comodo Dragon Internet Browser 6.0.0.10 DLL Hijacking Exploit

Exploit for windows platform in category local exploits ============================================================= Comodo Dragon Internet Browser 6.0.0.10 DLL Hijacking Exploit ============================================================= Title: Comodo Dragon Internet Browser 6.0.0.10 DLL...

Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions)

Comodo Group Vendor : Kayako Infotech Ltd. URL : http://www.kayako.com/ Version : Kayako SupportSuite = 3.60.04 We've discovered multiple persistent cross site scripting vulnerabilities in the latest version of Kayako SupportSuite 3.60.04. Because of improper input validation an attacker...

Persistent XSS in Kayako Support Suite

Comodo Group Vendor : Kayako Infotech Ltd. URL : http://www.kayako.com/ Version : Kayako SupportSuite 3.04.10 We've discovered a persistent XSS vulnerability in Kayako Support Suite Version 3.04.10. Although other similar XSS and SQL injection vectors such GET requests/URLs and other vulnerable...

CVE-2008-1736

Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table SSDT functions, which allows local users to cause a denial of service system crash via 1 a crafted OBJECTATTRIBUTES structure in a call to the NtDeleteFile function, which leads ...

Input validation

Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table SSDT functions, which allows local users to cause a denial of service system crash via 1 a crafted OBJECTATTRIBUTES structure in a call to the NtDeleteFile function, which leads ...

Comodo防火墙SSDT钩子多个本地拒绝服务漏洞

BUGTRAQ ID: 28742 CVECAN ID: CVE-2008-1736 Comodo是一款功能强大的个人防火墙。 Comodo防火墙的NtDeleteFile、NtCreateFile和NtSetThreadContext函数没有正确地验证参数，本地攻击者可能利用此漏洞导致防火墙不可用。 NtDeleteFile只接收了一个参数，也就是指向OBJECTATTRIBUTES结构的指针，这些属性会包含ObjectName和SECURITYDESCRIPTOR。例如，以下是Comodo在NtDeleteFile所设置的钩子： /----------- NTDeleteFile...

CVE-2008-1736

Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table SSDT functions, which allows local users to cause a denial of service system crash via 1 a crafted OBJECTATTRIBUTES structure in a call to the NtDeleteFile function, which leads ...

CVE-2008-1736

CVE-2008-1736 relates to Comodo Firewall Pro 2.4.18.184 where hooked SSDT functions do not properly validate arguments (notably NtDeleteFile, NtCreateFile, NtSetThreadContext). This can allow a local attacker to trigger a Denial of Service (system crash). The issue is described in CoreLabs CORE-2...

CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls Advisory Information Title: Insufficient argument validation of hooked...

Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls

Advisory ID Internal CORE-2008-0320 Advisory Information Title: Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls Advisory ID: CORE-2008-0320 Date published: 2008-04-28 Date of last update: 2008-04-28 Vendors contacted: BitDefender, Comodo, Sophos and...

Security feature bypass

A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method...