In light of recent news:
The hacker, whose March 15 attack was traced to an IP address in Iran, compromised a partner account at the respected certificate authority Comodo Group, which he used to request eight SSL certificates for six domains: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com.
The certificates would have allowed the attacker to craft fake pages that would have been accepted by browsers as the legitimate websites. The certificates would have been most useful as part of an attack that redirected traffic intended for Skype, Google and Yahoo to a machine under the attacker’s control. Such an attack can range from small-scale Wi-Fi spoofing at a coffee shop all the way to global hijacking of internet routes.
At a minimum, the attacker would then be able to steal login credentials from anyone who entered a username and password into the fake page, or perform a “man in the middle” attack to eavesdrop on the user’s session.
And because it is not the first time COMODO has screwed up, I’ve decided to turn off their root certificate from my browser (Safari). Here’s how you do that.
- Open Keychain Preferences (in /Applications/Utilities).
- Click on “System Roots” on the left pane.
- Seach for “COMODO”.
- Rigth-click on the certificat and select “Get Info”.
- Select “Never Trust”.
I’ve just done this so we’ll see if it has any effect on my general surfing experience.