Comodo - SSL issues

Apparently Google already reacted a week ago ??? (meaning they can act without waiting for a Win Update)… and the issue was already known.

The Chrome Stable and Beta channels have been updated to 10.0.648.151 for Windows, Mac, Linux and Chrome Frame. [b]This release blacklists a small number of HTTPS certificates[/b]. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel?

Not sure if that’s related to what’s being discussed here, but according to an article I just read (Heise, I think…) it is related.

http://www.h-online.com/security/news/item/SSL-meltdown-forces-browser-developers-to-update-1213358.html

http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_17.html

… also just what I was thinking a few minutes ago (about Apple)

The update policies of Opera and Apple currently remain unknown

As SSL certification is the core of Comodo security… this is a knockout, isn’t it?

Edited: Bad English :stuck_out_tongue:

Opera has had OCSP enabled for quite a while. As for Safari - who cares ™ :stuck_out_tongue:

It sure is. ;D

Well, excuse me, but I do care, check my sig ::slight_smile:

PS: I hate Safari, but there’s no serious alternative on iDevices.

You mean the “Alliance for the Promotion of Avast Native Orange Skin”? :smiley: ;D

Yes ;D

I see Safari desktop has OCSP checking available - it must be manually activated - but I have no idea if Safari on iOS does… the settings interface for Safari is so poor on iOS that it’s impossible to find out. I guess some jailbreaking geeks should know that ;D

http://www.h-online.com/security/news/item/Worth-Reading-Certificate-Request-Ask-Later-814307.html

‘Iranian’ attackers forge Google’s Gmail credentials
http://www.theregister.co.uk/2011/03/23/gmail_microsoft_web_credential_forgeries/

So this actually started on March 15, meaning that Google was the first and only one to react at the time.

SOPHOS: Fraudulent certificates issued by Comodo, is it time to rethink who we trust?

T3h noes, more paranoid blurb, futile attempts to avoid responsibility and mud flinging by Melih. Soooooo lame. ::slight_smile:

Like I said in a previous post, we might never know how it started. The Comodo guy didn’t talk until someone from the Tor network (attacked too, btw) found out about Comodo’s fraudulent certs.

Off topic, but interesting:

Facebook traffic mysteriously passes through Chinese ISP
http://www.theregister.co.uk/2011/03/23/facebook_traffic_china_telecom/

Why not take the Comodo issue directly to Comodo ???
It would be a lot nicer to do it directly on the Comodo forum. :0
Or are you afraid of the Comodo Dragon and would rather not post there ???

Because I already got banned there for posting about the issue? ::slight_smile:

Bob, the issue is:

1. solved now for us users, on most affected platforms
2. far beyond Comodo’s scope of action; the issue is global, and Comodo was just the button that had to be triggered. That doesn’t mean I trust their CEO’s version of how it happened.

If serious action is ever taken against Comodo >>> MS + Google + Yahoo + Skype + Mozilla etc… will do that. It’s pointless going to their forums to discuss the issue, while it remains interesting to comment on it here.

Yeah, that too. Plus the whole way this blunder has been kept secret for over a week has been completely stupid in the first place. There were easy actions to remedy the situation in the meantime, by disabling Comodo’s and their resellers’ root certificates; on the other hand, I totally fail to see who benefited from non-disclosure (beyond the fraud guys). Certainly not users. This completely escapes me. FAIL. :-X >:(

You got banned because your posts were intuitu personae against Melih.
We have a problem, a situation.
You can post very hard without getting banned.

As a solution, Firefox 4 and IE 9 are protected by default.
IE8 users should manually change a setting.
In any case, update Windows.

Hopefully this causes the industry players to audit not only their own security systems and policies, but those of their trusted partners as well. As the problem of transitive trust remains inherent in the PKI, it's about every link in the chain, not just your own.
http://nakedsecurity.sophos.com/2011/03/24/fraudulent-certificates-issued-by-comodo-is-it-time-to-rethink-who-we-trust/

+1

+1

Sadly - nope, even with FF4, OCSP is still not set by default to consider the certificate invalid when it cannot contact the OCSP server. So, this can repeat any time again without users’ knowledge.