DEFCON 20-Info behind 2011 Comodo Breach

Hi Guys, I was watching Securitytube and I found a video where the speakers went into great detail about the 2011 Comodo SSL Breach. The video was taken at DEFCON 20.
(Warning: The speakers swear often)

That is almost 2 hrs of video. Can you recap what is being stated?

Is there still a vulnerability? Could you please cross reference with Digital Certificates Used by Malware?

How do you explain the “persistent” attacks on other CAs and an eventual successful breach of DigiNotar?
How do you explain how stolen certs from DigiNotar were used (clue: check the Dutch Government report on that and check the OCSP responder stats to see where they were coming from)?

Here are some links… look at the “Red dots” :)

and a good write up here

Do you know what it takes to do a MITM to hundreds of thousands of people?

I want to focus the discussion again here… The guy in the video was claiming: There was no state behind the attack and was a student…

Maybe you can ask him how he can explain the red dots in the video then? :)