Author Topic: Important Security Notice About Comodo Forums Accounts  (Read 28661 times)

Offline cheater87

  • Comodo's Hero
  • *****
  • Posts: 700
Re: Important Security Notice About Comodo Forums Accounts
« Reply #15 on: October 01, 2019, 07:45:07 PM »
Perhaps allow 2FA as an option for our accounts.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26319
Re: Important Security Notice About Comodo Forums Accounts
« Reply #16 on: October 01, 2019, 08:36:35 PM »
Cheater87 sent me the following article about the breach: https://thehackernews.com/2019/10/Comodo-vbulletin-hacked.html . Other sites are starting to pick up on the news brought first by Bleeping Computer.

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 667
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Important Security Notice About Comodo Forums Accounts
« Reply #17 on: October 02, 2019, 07:50:31 AM »
***HEAVILY EDITED*** >>> First of all, I have considered page 2 for page 1 of the thread (I've been awake for 33 hours for "technical" reasons. 88) ) and secondly, it is generally not recommended to write on different topics in different forums at the same time. :a0

The vulnerability has been known for a relatively "long" time. Apparently, the security gap has not been fixed since the announcement and this has made this type of attack possible.

"According to Chaouki Bekrar, founder and CEO of the Zerodium exploit broker, the vulnerability has been privately circulating for years."

>>> https://arstechnica.com/information-technology/2019/09/public-exploit-code-spawns-mass-attacks-against-high-severity-vbulletin-bug/

Thanks also to Shane for the details shared here.  :-TU
« Last Edit: October 02, 2019, 09:40:19 AM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline maybe12

  • Newbie
  • *
  • Posts: 1
Re: Important Security Notice About Comodo Forums Accounts
« Reply #18 on: October 02, 2019, 09:21:14 AM »
[at]Shane
I have reported this issue to security[at]comodo.com from 26 September without a response;
I only got "Elif out of the office".

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 667
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Important Security Notice About Comodo Forums Accounts
« Reply #19 on: October 02, 2019, 09:32:03 AM »
p.s.

Incidentally, the young man who calls himself "Instakilla" was also involved in other hacks. He seems to be primarily a penetration tester, so rather a "White Hat", only if that calms someone down. :D

>>> https://www.zdnet.com/article/bulgarias-hacked-database-is-now-available-on-hacking-forums/

>>> https://blog.dehashed.com/star-vault-mortal-online-hacked/
« Last Edit: October 02, 2019, 09:35:52 AM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26319
Re: Important Security Notice About Comodo Forums Accounts
« Reply #20 on: October 02, 2019, 10:31:42 AM »
From the ZD Net article:
Quote
Download links to the hacked database have been shared by a hacked data trader known as Instakilla, believed to be operating out of Bulgaria.
I would not call sharing hacked data by a "hacked data trader" activity of a white hat hacker.

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 667
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Important Security Notice About Comodo Forums Accounts
« Reply #21 on: October 02, 2019, 01:39:58 PM »
Quote from: EricJH
From the ZD Net article: I would not call sharing hacked data by a "hacked data trader" activity of a white hat hacker.

I don't want to defend anyone who invades foreign systems and also forces ME to change my password, and I don't know the exact content of the state documents that were stolen, but for example, in order to expose the intention of illegal practices or to reveal security gaps, this would give the thing a different character.

He also has a VIP account on "raidforums.com" and he describes himself as "Penetration Tester & Web Developer". Whether this is true or if he would rather be described as "Gray Hat", I cannot answer, unfortunately. :a0

>>> https://raidforums.com/User-instakilla

***Update:***

The "loot" from the forum hack was also already offered for trade/selling and I don't like that!!!  >:(

>>> https://raidforums.com/Thread-Database-Trading-Buying-Selling?pid=1065446#pid1065446
« Last Edit: October 02, 2019, 04:48:55 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline MrMaxaMan

  • Comodo's Hero
  • *****
  • Posts: 200
Re: Important Security Notice About Comodo Forums Accounts
« Reply #22 on: October 02, 2019, 05:26:05 PM »
I only heard about this from another site, maybe sending out an e-mail to forum members asking them to change their passwords would be helpful.
Avast Free - 20.9.2437 - Comodo 12.2.2.7062 Firewall with D+ - Winpatrol Free.
On demand - MBAM - Super Antispyware.
Windows 10 64bit - 16GB Ram.

Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 592
  • Paranoid B#st#rd - CIA
Re: Important Security Notice About Comodo Forums Accounts
« Reply #23 on: October 02, 2019, 06:20:07 PM »
Quote from: MrMaxaMan
I only heard about this from another site, maybe sending out an e-mail to forum members asking them to change their passwords would be helpful.

Totally agree, this should have been done as soon as the forums were put back online.

Makes me think Comodo has a lack of contingency plans for such events.


Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 592
  • Paranoid B#st#rd - CIA
Re: Important Security Notice About Comodo Forums Accounts
« Reply #25 on: October 03, 2019, 10:55:50 AM »
To me this shows one thing.

I think that Comodo has too many websites resulting in the lack of resources to effectively manage them all.

I think that you only need one main website guys. I would kill off all of the legacy websites that are just clogging up time and development.

You, seemingly to me, can't even update all of the different listings for CIS with the new pricing at the same time (as you seem to be still finding old listings). This just further proves my point.

I think that you should kill that clutter!

Offline chilinux

  • Newbie
  • *
  • Posts: 11
Re: Important Security Notice About Comodo Forums Accounts
« Reply #26 on: October 04, 2019, 09:01:31 PM »
Quote from: ReeceN
I think that Comodo has too many websites resulting in the lack of resources to effectively manage them all.

I think you are going in the wrong direction with this. The fact sheet for Comodo indicates they have over 600 employees. The mission statement of Comodo seems to indicate that they should have a larger percentage of employees dedicated to computer security than your average company. Given the information provided by Comodo for their products, they should be able to run more mainstream public facing internet services in a honeypot-like state and keep it secure. At least they should be in a better position than most of their customers to use their tools to keep things safe. It seems to me that Comodo employees, when asked if their tools will protect online web services, won't stop at just indicating it can protect use of vBulletin or SMF. Comodo seems like the type of company that is willing to say companies should be using Comodo tools to protect phpBB, WordPress, Joomla, Magento, etc. Comodo seems to have so much ambition about what their tools can do. But it would be nice if Comodo demonstrated that level of protection themselves.

Something that caught my attention of this notice was the very first line:
Quote
"At Comodo, we take security very seriously and it is our highest priority."

A highly respected computer security journalist, Zack Whittaker, wrote an article for TechCrunch back in February of this year called "At Comodo, we take security very seriously and it is our highest priority."

The article begins with:
Quote from: Zack Whittaker
In my years covering cybersecurity, there’s one variation of the same lie that floats above the rest. “We take your privacy and security seriously.”

And the article ends with:
Quote from: Zack Whittaker
With no incentive to change, companies will continue to parrot their usual hollow remarks. Instead, they should do something about it.

I'm sure a company as security focused as Comodo is aware of the works of Zack Whittaker and wouldn't post hollow remarks on their forum. So, when Comodo says they take security seriously that should imply they have been using their own products to protect the data.

So, was Comodo Endpoint Security which was stated to me as providing 100% protection able to stop the breach?

Answer seems to be NO.

How about Comodo HackerProof site inspector, did it provide the next dimension in website scanning to stop the breach?

Unfortunately, NO.

How about Comodo Dragon Platform, was there bulletproof 100% protection from zero-day attacks to stop this breach?

I can come to a 100% verdict in 0 seconds on that and say: NO.

So, if a company of 600+ employees with better security training and skills than your average Comodo customer can't protect commonly used forums, what hope do those customers have?

There is a definite need for the type of products that do the things Comodo claims they do, but there still seems to be a lot of work to be done.  Thank goodness for Comodo's exciting ambition.

I think Comodo needs to show their products can protect *more* instead of consolidate to less. They should be able to expose the top ten most popular public facing web applications on their own servers with an open "capture the flag" style invite for any security researcher to deface them.

If they aren't willing to show complete buy-in themselves for their own products, why should any potential customer take them very seriously about Comodo's claim of taking security very seriously?  Please don't let Comodo just be another company that makes hollow remarks.

Offline prodex

  • Comodo's Hero
  • *****
  • Posts: 510
Re: Important Security Notice About Comodo Forums Accounts
« Reply #27 on: October 05, 2019, 01:32:08 AM »
Comodo's priority is safety for consumer/user, should be so and it claims to be.

Aren't they two pairs of shoes: security of a website and security of my PC?

This so-called hollow saying "At Comodo, we take security very seriously and it is our highest priority.", which can be used by anyone, applied and applies to my PC:

Why else have I never had problems with Trojans, Ransomware, worms, viruses, etc.? Like many others I do online-banking, too, and have never had any problems.

Of course, such an event can make you a little insecure, but AV-Labs, for example, certifies Comodo:

https://www.av-test.org/de/antivirus/privat-windows
of August 2019:

protection: 6 points of 6

and then 5.5 of 6/5.5 of 6 (not so interesting for me)

Should I say good-bye to Comodo now? Would you

come to a 100% verdict in 0 seconds on that and say:
YES? (Not a very serious question for me)
« Last Edit: October 05, 2019, 02:00:01 AM by prodex »

Offline mmalheiros

  • Comodo's Hero
  • *****
  • Posts: 315
Re: Important Security Notice About Comodo Forums Accounts
« Reply #28 on: October 05, 2019, 01:49:37 AM »
Quote from: chilinux
So, was Comodo Endpoint Security which was stated to me as providing 100% protection able to stop the breach?

Please note Comodo Endpoint Security or Comodo Client Security (CCS) which uses the same protection core as CIS is for Windows only.

The affected Forum server was running on an Apache/Debian server.

You can check it at: browserspy.dk/webserver.php inserting forums.comodo.com in the URL field.

There is no such thing as CCS or CIS for Linux and its variants. Comodo for Linux is just another average AV Realtime Scanner with low detection ratio.

I do agree Comodo should take better diligence steps for handling vulnerabilities in third-party software and services they may use. But they don't do the code for the vBulletin forum platform, it's a third-party service. What they should have done in this case is update the vBulletin platform on the same day the patch was released or 24 hours later at max.

Offline clockwork

  • Comodo's Hero
  • *****
  • Posts: 2220
  • Oxygen requires Chuck Norris to live
Re: Important Security Notice About Comodo Forums Accounts
« Reply #29 on: October 05, 2019, 10:25:26 AM »
So was this forum here affected? I could still login with my old password.


I changed my password for the email I used to register here and other Comodo products/sites. I was about to swap the password for this forum and other ones, too, when I saw this thread.
I am not sure why you mention your email password. It should be different than any other password you use. And different passwords for everything in general. If you leak your email password by having it for the accounts you create as well, each time it is a leak.

....and why you then said, you were about to change the passwords for comodo too...... Those were the ones probably affected, so had to be changed.
"If there is a problem, it's something interesting. Try to circumvent or fix it.
In the old ages there has been no support. That's why we got the brain we have today.
Otherwise we would only be able to call a number and listen.
But there was no phone...."

 
