netsekure rng

random noise generator

Fraudulent SSL certificates

As many people are reporting today, there have been a few SSL certificates issued to a fraudulent party. The Comodo CA had an RA account compromised and used to issue certificates for some of the top web sites on the net. Their advisory is

All major browsers are updating to blacklist those certificates and I’d suggest you install updates as soon as you can to prevent possible attacks. Since none of the certificates have been seen in the wild, the chance is very very slim, but it doesn’t hurt to do an update.

It was very interesting to see Jacob Appelbaum correlate multiple sources of information to discover this independently from the actual announcement. I’ve been advocating that bad guys are already doing this, but very few people believe it. Now I hope this demonstrates that automated correlation can reveal lots of data. Furthermore Adam Langley has a good discussion why revocation has problems and we should be looking into how to improve the state of it.