Author Topic: SSP  (Read 59870 times)

Offline mikecz

  • Newbie
  • *
  • Posts: 19
Re: Bad Comodo Bad!!!
« Reply #105 on: August 01, 2009, 08:01:45 PM »
Well this may become more of an issue if the reports out of the DEFCON conference prove correct. It appears there is a not too sophisticated way to 'spoof' a DV level cert so a hacker can intercept data or even post what your system thinks is an update to install a virus. The article specifically states it is only DV certs, not the EV, that are vulnerable.

If this proves to be a reality, it looks like all suppliers of DV certs face a serious choice of business as usual or dropping the DV completely.

Note that this is not a COMODO issue, but the DV cert itself and the way it is issued and used by the websites. It truly now looks like the yellow lock symbol is a false sense of security and should be removed from service. The sites that are using it need to upgrade or admit they are not truly securing your data. It's going to be a bumpy ride. Fasten your seatbelts.

Mikecz

Offline JamesFrance

  • Comodo's Hero
  • *****
  • Posts: 1269
Re: Bad Comodo Bad!!!
« Reply #106 on: August 02, 2009, 01:48:21 AM »
Mystery is MysteryFCM, he's another of the same clique. Has a blog and something to do with malwarebytes forum.

Obviously not much of a mystery as a five minute google will show...

In fact to be fair I don't think that the Mystery there is MysteryFCM.   Mystery FCM is an admin on that site and has certainly been part of the vendetta against Comodo, but there seems to be another one.
James

Toggie

  • Guest
Re: Silliest Security Professional! Mike Burgess
« Reply #107 on: August 02, 2009, 01:56:36 AM »
That's fair comment, I obviously got my mysteries muddled. Apologies to MysteryFCM for being falsely identified.

Offline Matty_R

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2527
  • How long is a piece of string?
Re: Bad Comodo Bad!!!
« Reply #108 on: August 02, 2009, 07:01:03 AM »
If this proves to be a reality, it looks like all suppliers of DV certs face a serious choice of business as usual or dropping the DV completely.
Mikecz

Let's hope the latter.
That's fair comment, I obviously got my mysteries muddled. Apologies to MysteryFCM for being falsely identified.

It's all a big mystery, or is it  >:-D  ;D
A couple of computers :P

Offline Xthink

  • Comodo Family Member
  • ***
  • Posts: 67
Re: SSP
« Reply #109 on: August 03, 2009, 09:38:11 AM »

Offline DragonMaster Jay

  • Malware Research Group
  • Comodo Family Member
  • *****
  • Posts: 83
  • Malware expert
    • The Ultimate Geek TaskForce!
Re: SSP
« Reply #110 on: August 03, 2009, 11:43:27 PM »
MysteryFCM is named Steven Burns, owner of hphosts. A host file.

He regularly talks down to people as if he does not know how to run a business.

I talked to COU and tried to reason with them. Unfortunately, they keep attacking me.

I hope they learn from what I say...but then again - they have not changed yet.

Starts here and moves on: http://www.calendarofupdates.com/updates/index.php?showtopic=19279&view=findpost&p=85405
DragonMaster Jay
Malware researcher
Owner - Cheetah-Anti-Malware Development Group

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 13525
    • Video Blog
Re: SSP
« Reply #111 on: August 04, 2009, 11:26:08 AM »
MysteryFCM is named Steven Burns, owner of hphosts. A host file.

He regularly talks down to people as if he does not know how to run a business.

I talked to COU and tried to reason with them. Unfortunately, they keep attacking me.

I hope they learn from what I say...but then again - they have not changed yet.

Starts here and moves on: http://www.calendarofupdates.com/updates/index.php?showtopic=19279&view=findpost&p=85405

The word "reason" is hard to come by there ;) obviously their intention does not suit being reasonable.

Melih

Offline mikecz

  • Newbie
  • *
  • Posts: 19
Re: SSP
« Reply #112 on: August 04, 2009, 01:04:46 PM »
All of this mess could be avoided if end users only paid for items on a website with an EV cert and NEVER on a site with a DV cert. This would eliminate all this fuss and muss because the EV's are held to the higher standard and have met the criteria for being worthy to accept your money.

Unfortunately, too many users have no clue what the difference is or how to check for it. Most are not running new enough browsers to get the info displayed in a fashion they can understand and interpret. Even fewer truly know what the difference is and how important it is.

DV certs were and are never intended to secure FINANCIAL transactions. They are OK to use for web based e-mail, but that is suspect.

Regardless of who issues the cert, it is and always will be 'buyer beware'. Just because the store is open and has a business license does not mean there is anything worth buying inside. A cert of any kind does not ensure the quality of the product. That is and always will be the end user's final responsibility.

Mikecz

Offline DragonMaster Jay

  • Malware Research Group
  • Comodo Family Member
  • *****
  • Posts: 83
  • Malware expert
    • The Ultimate Geek TaskForce!
Re: SSP
« Reply #113 on: August 04, 2009, 04:09:42 PM »
This issue has gone on long enough. Especially the fact that the security 'MVPs' and 'experts' cannot be reasoned with.

mikecz, look through some replies in this topic, and you will see that this was a small issue and is currently being handled. The people who keep slandering Comodo, is who we are getting tired about. It seems that those people like to nitpick on Comodo day-and-night.

What does not make sense, is how they are so mean about it. I know some people who have brought the issue up at other boards, and the admin or mods at the other boards were downright rude about it. What is the big deal?

All the people talking bad about Comodo: DO NOT KNOW WHAT THEY ARE TALKING ABOUT. I simply try to help defend Comodo by attempting to reason with the people, and I get attacked BIG time. As if they cannot ever change their own views.
DragonMaster Jay
Malware researcher
Owner - Cheetah-Anti-Malware Development Group

Offline MysteryFCM

  • Comodo Member
  • **
  • Posts: 34
  • Phishin' Phanatic!
    • Ur I.T. Mate Group
Re: SSP
« Reply #114 on: August 04, 2009, 10:36:52 PM »
MysteryFCM is named Steven Burns, owner of hphosts. A host file.

He regularly talks down to people as if he does not know how to run a business.

Not entirely sure that's fair, though I have my moments like everyone else. If I've got a problem with something, I'll say so, and I don't beautify it whilst explaining it - never been very good at that, which is why I sometimes come off as harsh.

Just to be clear btw, neither hpHosts nor "Ur I.T. Mate Group" are a company ;) (never have been)

Let's also be clear, you can't accuse us of attacking you or anyone else, and then go and do exactly the same thing you're accusing us of - it doesn't work that way.

I've stated my problems before, and believe I've made them clear, as well as how these problems could be corrected, so I'm not going to get into all of that again.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net

Offline DragonMaster Jay

  • Malware Research Group
  • Comodo Family Member
  • *****
  • Posts: 83
  • Malware expert
    • The Ultimate Geek TaskForce!
Re: SSP
« Reply #115 on: August 04, 2009, 11:59:17 PM »
It is one thing to attack someone because of an opinion they make. It is another thing to attack someone if they are not being ethical (like having good character). See the difference?

There is a way to talk to people, without being too pushy or egotistical. I went to CoU to attempt to reason, and all I got was negative replies, and basically talked for nothing. I said my last line on that topic, because I was literally exhausted from giving out individual replies. Acting more professionally about different situations is required if you want to get your point across completely. However, when you are not able to convince another 'colleague', you may simply react negatively because the colleague should know what they did and what they can do to fix it. If you were to act the same against a customer/user, you are in bad character.

I now understand that you do not have a business...and that it seems like a group, instead. That is fine. I actually meant colleagues in that line, not people. The same goes for the MVPs that seem to be irate against Comodo.
DragonMaster Jay
Malware researcher
Owner - Cheetah-Anti-Malware Development Group

Offline MysteryFCM

  • Comodo Member
  • **
  • Posts: 34
  • Phishin' Phanatic!
    • Ur I.T. Mate Group
Re: SSP
« Reply #116 on: August 05, 2009, 12:09:28 AM »
I can't speak for anyone else, so won't try to. I'll leave that between the individuals involved.

As far as a group, hpHosts/Ur I.T. Mate Group, are my "spare time" hobbies, nothing more nothing less. I do actually run a company (as of July 1st), but that's irrelevant.

I am of the opinion, that we need to stop this pee'ing contest, and simply see what happens, if anything, to improve the situations at hand. Partially because I'm sick to death of arguing, but mainly because it's not helping anyone.

As far as the Comodo issues, as I've said, I've said all I've got to say on the matter, so unless something else turns up, I've no intention of debating further, there's simply no point.

I can however assure everyone, as I've said many times before, this is not a crusade against, or an attack toward, Comodo - never has been. We simply saw something we have concerns with, and voiced those concerns, just as we do with any other company we see problems with.

I've got nothing further to add, so I'll leave it there.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net

Offline DragonMaster Jay

  • Malware Research Group
  • Comodo Family Member
  • *****
  • Posts: 83
  • Malware expert
    • The Ultimate Geek TaskForce!
Re: SSP
« Reply #117 on: August 05, 2009, 12:12:20 AM »
I am glad to see you at a neutral perspective. I wish some of the others were like that, too.
DragonMaster Jay
Malware researcher
Owner - Cheetah-Anti-Malware Development Group

Offline Xthink

  • Comodo Family Member
  • ***
  • Posts: 67
Re: SSP
« Reply #118 on: August 05, 2009, 01:39:41 AM »
I can't speak for anyone else, so won't try to. I'll leave that between the individuals involved.

As far as a group, hpHosts/Ur I.T. Mate Group, are my "spare time" hobbies, nothing more nothing less. I do actually run a company (as of July 1st), but that's irrelevant.

I am of the opinion, that we need to stop this pee'ing contest, and simply see what happens, if anything, to improve the situations at hand. Partially because I'm sick to death of arguing, but mainly because it's not helping anyone.

As far as the Comodo issues, as I've said, I've said all I've got to say on the matter, so unless something else turns up, I've no intention of debating further, there's simply no point.

I can however assure everyone, as I've said many times before, this is not a crusade against, or an attack toward, Comodo - never has been. We simply saw something we have concerns with, and voiced those concerns, just as we do with any other company we see problems with.

I've got nothing further to add, so I'll leave it there.

This should not be one security provider against the other, whatever kind of service or software they provide (firewall, antiv, DV/OV/EV certificates, etc.). It should be those who want to be secured and those who in one way or another help them be secured (security providers) against those who want to take advantage of an unsecure environment.

Why can both sides start a topic discussing how to make DV certificates more secure and make suggestions there that can be adapted on the standard Melih is proposing. Like a constructive debate. For DV first, other subjects will follow.

Just a suggestion.

Regards

Offline Xthink

  • Comodo Family Member
  • ***
  • Posts: 67
Re: SSP
« Reply #119 on: August 05, 2009, 01:41:12 AM »
It can be on this forum, with links pointing to this from other forums.

 
