Nine valid but fraudulent certificates have been issued for major Internet sites -- including Google mail, Microsoft Live, and Yahoo -- raising the possibility of undetectable phishing, man-in-the-middle and drive-by download attacks, multiple advisories stated on Wednesday.
The Secure Sockets Layer (SSL) certificates, issued by root certificate authority Comodo, allow the attackers to sign fraudulent sites and content. The certificates were issued after a compromise at a registration authority (RA), carried out with stolen log-in credentials for one of Comodo's European partners, according to the company's report on the incident.