http://msmvps.com/blogs/hostsnews/archive/2009/07/10/1699205.aspxThey have known about this for 2 days and haven't reported to us (as far as I know), leaving users at risk. Not following responsible disclosure guidelines only puts end users at risk.
Why didn't they report it to Comodo as soon as they found out? What is more important fame seeking self publicity or protecting end users?
As to DV issue: Donna simply doesn't get it! DV cert is a product where there is no identity validation done. This one was a trial ssl we provide. Those people have got the ssl for free. Donna, ignorance is dangerous, pls learn about the issues with DV and put your efforts to good use and try to get rid of DV so that a DV cert should not result in a trust indicator like the Yellow padlock. Write to
www.cabforum.org asking them to rid DV, like I am doing.
Also for reporting any malicious sites that are using certs pls use the
www.ccssforum.org (
http://www.ccssforum.org/contact.php ) reporting so that relevant companies can act on it.
I hope Donna will stop this silly witch hunt that she has unnecessarily engaged in and use her efforts for a good purpose of getting rid of DV Certs so that people do not gain yellow padlocks for malicious activity.
Melih
PS: This cert was revoked within 4 minutes of us being aware of it!
Edit: 12th July: The bloggers name is Corrine apparently and not Donna (however we still have issues with Donna for spreading lies).
