Check Point Protects Against Fraudulent Comodo Digital Certificates
( Microsoft Security Advisory 2524375 )
Summary
A remote attack on an affiliate of Comodo, a major issuer of SSL certificates, resulted in nine fraudulent digital certificates being acquired by the attacker for sites such as Google, Yahoo, and Skype. These certificates may be used by malicious parties to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all web browsers.
Details
In mid-March, an attack originating from an IP address in Iran was mounted against a Comodo Registration Authority (RA) based in Southern Europe. The attacker was able to log into the RA and generate SSL certificates for the following domains:
- login.live.com
- mail.google.com (GMail)
- www.google.com
- login.yahoo.com (3 certificates)
- login.skype.com
- addons.mozilla.org
- "Global Trustee"
Affected Products
This issue affects all web browsers with SSL capability that have not had the fraudulent certificates added to their blacklists.
Solution
Check Point recommends that all browsers be kept updated to their latest versions. However, if your network is protected by Check Point's IPS Software Blade, all systems on it are afforded immediate protection against this vulnerability in the latest IPS update by detecting and blocking the fraudulent Comodo certificates for the domains listed above. For more information, see CPAI-2011-090.
Originally Published:
Last Updated: 24-Mar-2011