Comodo - News, Features, and Slideshows


  • 'Secure' advertising tool PrivDog compromises HTTPS security

    New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users' PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo.

  • Certificate Authorities Form Group to Educate on SSL Best Practices

    Responding to the increasing number of threats aimed at certificate authorities and the ecosystem of trusted online transactions they represent, seven certificate authorities have come together to form an advocacy group to advance security standards and promote best practices.

  • SSL certificate industry should be replaced: security specialist

    The SSL certificate authorities like Comodo that have had their security undermined by hackers shouldn't be trusted, and in fact, the way the entire SSL certificate industry of today works can and should be replaced with something better, says Moxie Marlinspike, a security expert who's come up with a plan he says will do that.

  • Opinion: the real security issue behind the Comodo hack

    News of an Iranian hacker duping certification authority Comodo [1] into issuing digital certificates to one or more unauthorized parties has caused an uproar in the IT community, moving some critics to call for Microsoft and Mozilla to remove Comodo as a trusted root certification authority from the systems under their control. Though the hacker managed his feat by first compromising a site containing a hard-coded logon name and password, then generating certificates for several well-known sites, including Google,, Skype, and Yahoo, I'm not bothered by the technical issue. Instead, my main concern over Public Key Infrastructure (PKI) and digital certification is that users don't understand it.
    For the most part, people don't care about digital certificates and the security they could provide. I have a hard time getting worked up about a system error that 99 percent of users simply ignore.
    PKI is not the culprit