Here we go again..

[Guest]

[Melih]

http://msmvps.com/blogs/hostsnews/archive/2009/07/10/1699205.aspx

They have known about this for 2 days and haven't reported to us (as far as I know), leaving users at risk. Not following responsible disclosure guidelines only puts end users at risk.

Why didn't they report it to Comodo as soon as they found out? What is more important fame seeking self publicity or protecting end users?

As to DV issue: Donna simply doesn't get it! DV cert is a product where there is no identity validation done. This one was a trial ssl we provide. Those people have got the ssl for free. Donna, ignorance is dangerous, pls learn about the issues with DV and put your efforts to good use and try to get rid of DV so that a DV cert should not result in a trust indicator like the Yellow padlock. Write to www.cabforum.org asking them to rid DV, like I am doing.

Also for reporting any malicious sites that are using certs pls use the www.ccssforum.org  (http://www.ccssforum.org/contact.php ) reporting so that relevant companies can act on it.

I hope Donna will stop this silly witch hunt that she has unnecessarily engaged in and use her efforts for a good purpose of getting rid of DV Certs so that people do not gain yellow padlocks for malicious activity.

Melih

PS: This cert was revoked within 4 minutes of us being aware of it!

Edit: 12th July: The bloggers name is Corrine apparently and not Donna (however we still have issues with Donna for spreading lies).

[kail]

I wonder if it's just Malware Destructor 2009 that is being malicious here.

[John Buchanan]

I left a response on the site in defense of Comodo.

[Melih]

And its been over a week and she still hasn't put my response to her post on her site Surprise Surprise!

http://securitygarden.blogspot.com/2009/07/parents-beware-of-comodo-firewall.html

I responded to her site on July 4th... and knowing the possibility of them censoring my post, i took a snapshot of my screen as I posted it.....7 days on... they rather censor what their users read...welldone Donna! Somehow I had a hunch that being concerned about telling the truth to her readers wasn't the first thing in her mind

Today its 11th July, they still continue to spread the lies and haven't changed a thing...

Your sole purpose is a witchhunt against Comodo.. I hope you are being paid well for that

Melih

Clarification: my statements were directed towards the original blogger Donna

[LeoniAquila]

Shame is the word.

[Endymion]

The DV cert involved in http://msmvps.com/blogs/hostsnews/archive/2009/07/10/1699205.aspx
was apparently issued for safe-pay-vault.com a domain created on 2009-07-03

safe-pay-vault.com was not registered by "ISystem Inc"

safe-pay-vault.com (95.168.163.99) doesn't belong to Rcp.net range [206.53.48.0-206.53.63.255] mentioned in some blog.

Indeed with little help from some blogger it would be possible to confirm that at some point safe-pay-vault.com was linked from a site that could be related to "ISystem Inc"...

Though it is rather unsettling to confirm those who actually leverage on such hindsight arguments to argue about reputation aren't average Joes...

Guess the only clear victors are malware authors and those who leverage on the ongoing FUD and claim that it is possible for some DV services to be unaffected.

Nevertheless many advices implicitly based on the assumption that magic wands actually exist will pop around for sure.

[3xist]

Sure... They can continue to post mis-leading comments. Why do they bother to even put the time into posting half-cocked statements? Are they scared?

Donna... Please come to our forums and tell us why... We will Welcome you pleasantly, Because your not doing a favor posting misleading comments. You're not understanding DV issues, And the facts and background that surrounds around it.

Cheers,
Josh

[Wahey!]

You absolute bunch of clowns! As if anyone of any standing would soil their hands with your grubby little board.

We should hack her site and post the truth

You showed keep your mods in check, melih. Such comments are not something that should be available for the general public to see.

btw, I also saved this thread for reference.

[Dch48]

Obviously , Donna and her cohorts have no qualms about spreading disinformation and quashing any attempts to set the record straight.

[axl]

We should hack her site and post the truth 


Just joking 

This Toggie absolutely has to go.
This is something which should not even be mentioned in jest by a moderator on a security forum.

Melih needs to make a personal apology for this; it is already flying all over the security forums!

[Dch48]

I don't think anyone should apologize since the comment was meant to show that hacking the site would be the only way to post the truth without it getting deleted. They need to apologize for censoring the facts.

[BigMike]

As if anyone of any standing would soil their hands with your grubby little board.

You're here, not? And the "grubby little board" has more than 75,000 members...

You showed keep your mods in check, melih. Such comments are not something that should be available for the general public to see.

btw, I also saved this thread for reference.

Hm, I share your opinion - this shouldn't be proposed by a mod - but be moderated...
But on the one hand, you tell Melih he should censor this opinion posted by a voluntary mod, on the other hand, you're afraid of anything is modified, so you're saving this thread for reference?
It's very hard to decide which posts should remain public and which should be removed. I'm glad, that you can post almost any opinion here without being censored. And I'm glad that I don't have to make this decission in some cases...

Melih needs to make a personal apology for this; it is already flying all over the security forums!

Again - the mods are voluntary - I can't see, why Melih needs to apologize for this - maybe Toggie should do...

[Endymion]

I'm not sure if something obviously meant as a joke should warrant an excuse whereas the ongoing topic was meant to address something not said as a joke.

Though I come to understand that the best jokes are those which are said seriously...

[3xist]

Hi Guys

I talked to Toogie. I do also apologize on his part, He obviously did NOT mean it, But I asked him to edit his post.

Let's keep on thread title for now on...

Cheers,
Josh

[axl]

I talked to Toogie. I do also apologize on his part, He obviously did NOT mean it, But I asked him to edit his post.

Comodo's reputation is already severely damaged.
As I said before, under NO circumstances, whether serious or in jest, should a moderator of a security forum EVER suggest that hacking a website might be an option.

Melih can do damage control now, or he can try later, but he MUST do damage control, and IMO the sooner the better.

[Tags:]