comodo hacker info at erratasec

Robert Graham has a great series of posts concerning the recent Comodo SSL hack. Start with an intro to web certs, then “Comodo hacker” information, some interview pieces, and finally verifying his own private key. The hack itself illustrates the web of trust the Internet has placed us into (pun intended if you link that to SQLi attacks), specifically that someone else didn’t protect their trusted credentials very well which lead to trusted access into Comodo where other weaknesses were leveraged.

Try to not get too involved in the comments; there’s a wave of politicking in there…

Incidentally, he also has a fun terminology post about “cybersecurity” and “hackers.” I think I agree with his sentiments; I know and prefer to use the terms appropriately, but I also know how they are *really* used day-to-day outside our circles, and accept that.