Here we go again..

http://msmvps.com/blogs/hostsnews/archive/2009/07/10/1699205.aspx

They have known about this for 2 days and haven’t reported to us (as far as I know), leaving users at risk. Not following responsible disclosure guidelines only puts end users at risk.

Why didn’t they report it to Comodo as soon as they found out? What is more important: fame-seeking self-publicity or protecting end users?

As to DV issue: Donna simply doesn’t get it! DV cert is a product where there is no identity validation done. This one was a trial ssl we provide. Those people have got the ssl for free. Donna, ignorance is dangerous, pls learn about the issues with DV and put your efforts to good use and try to get rid of DV so that a DV cert should not result in a trust indicator like the Yellow padlock. Write to www.cabforum.org asking them to rid DV, like I am doing.

Also for reporting any malicious sites that are using certs pls use the www.ccssforum.org (http://www.ccssforum.org/contact.php ) reporting so that relevant companies can act on it.

I hope Donna will stop this silly witch hunt that she has unnecessarily engaged in and use her efforts for a good purpose of getting rid of DV Certs so that people do not gain yellow padlocks for malicious activity.

Melih

PS: This cert was revoked within 4 minutes of us being aware of it!

Edit: 12th July: The blogger’s name is Corrine apparently and not Donna (however we still have issues with Donna for spreading lies).

I wonder if it’s just Malware Destructor 2009 that is being malicious here.

I left a response on the site in defense of Comodo.

And it’s been over a week and she still hasn’t put my response to her post on her site :) Surprise Surprise!

I responded to her site on July 4th… and knowing the possibility of them censoring my post, I took a snapshot of my screen as I posted it… 7 days on… they rather censor what their users read… well done Donna! Somehow I had a hunch that being concerned about telling the truth to her readers wasn’t the first thing in her mind ;)

Today it’s 11th July, they still continue to spread the lies and haven’t changed a thing…

Your sole purpose is a witchhunt against Comodo… I hope you are being paid well for that ;)

Melih

Clarification: my statements were directed towards the original blogger Donna

[attachment deleted by admin]

Shame is the word.

The DV cert involved in http://msmvps.com/blogs/hostsnews/archive/2009/07/10/1699205.aspx
was apparently issued for safe-pay-vault.com, a domain created on 2009-07-03

safe-pay-vault.com was not registered by “ISystem Inc”

safe-pay-vault.com (95.168.163.99) doesn’t belong to Rcp.net range [206.53.48.0-206.53.63.255] mentioned in some blog.

Indeed with little help from some blogger it would be possible to confirm that at some point safe-pay-vault.com was linked from a site that could be related to “ISystem Inc”…

Though it is rather unsettling to confirm those who actually leverage on such hindsight arguments to argue about reputation aren’t average Joes…

Guess the only clear victors are malware authors and those who leverage on the ongoing FUD and claim that it is possible for some DV services to be unaffected.

Nevertheless, much advice implicitly based on the assumption that magic wands actually exist will pop up for sure.

Sure… They can continue to post misleading comments. Why do they bother to even put the time into posting half-cocked statements? Are they scared?

Donna… Please come to our forums and tell us why… We will welcome you pleasantly, because you’re not doing a favor posting misleading comments. You’re not understanding DV issues, and the facts and background that surround them.

Cheers,
Josh

You absolute bunch of clowns! As if anyone of any standing would soil their hands with your grubby little board.

We should hack her site and post the truth
You should keep your mods in check, Melih. Such comments are not something that should be available for the general public to see.

btw, I also saved this thread for reference.

Obviously, Donna and her cohorts have no qualms about spreading disinformation and quashing any attempts to set the record straight.

:o
This Toggie absolutely has to go.
This is something which should not even be mentioned in jest by a moderator on a security forum.

Melih needs to make a personal apology for this; it is already flying all over the security forums!

I don’t think anyone should apologize since the comment was meant to show that hacking the site would be the only way to post the truth without it getting deleted. They need to apologize for censoring the facts.

You’re here, not? :wink: And the “grubby little board” has more than 75,000 members…

Hm, I share your opinion - this shouldn’t be proposed by a mod - but be moderated…
But on the one hand, you tell Melih he should censor this opinion posted by a voluntary mod, on the other hand, you’re afraid that anything is modified, so you’re saving this thread for reference?
It’s very hard to decide which posts should remain public and which should be removed. I’m glad that you can post almost any opinion here without being censored. And I’m glad that I don’t have to make this decision in some cases…

Again - the mods are voluntary - I can’t see, why Melih needs to apologize for this - maybe Toggie should do…

I’m not sure if something obviously meant as a joke should warrant an excuse whereas the ongoing topic was meant to address something not said as a joke.

Though I come to understand that the best jokes are those which are said seriously…

Hi Guys

I talked to Toogie. I do also apologize on his part. He obviously did NOT mean it, but I asked him to edit his post.

Let’s keep on thread title from now on… :)

Cheers,
Josh

Comodo’s reputation is already severely damaged.
As I said before, under NO circumstances, whether serious or in jest, should a moderator of a security forum EVER suggest that hacking a website might be an option.

Melih can do damage control now, or he can try later, but he MUST do damage control, and IMO the sooner the better.

My opinion: At best this joke issue is nothing more than a poor deflection of the greater, and far more important, issues laid before us. Namely; a lack of verification and objectivity by a blogger who actively engages in censorship.

So why didn’t Donna inform Comodo and kept that news to herself for 2 days while people got infected?

Why didn’t Donna correct the mistake even though I posted a reply trying to correct her lies?

How can you even talk about security and not follow responsible disclosure guidelines? How can you talk about security and still continue to lie on your site?

I think the truth has now caught up with Donna ;)

Melih

The slippery Donna does it again :) Is Comodo President/CEO a Liar? You Decide ~ Security Garden

Lucky I knew she was going to be slippery somehow, that’s why I emailed the screenshot to myself the day I took it :) So guess what, I have the email server logs too :)

But none of my comments show up in her system… none of those she claims to be mine actually match what I had written on 4th July :) Donna, you are so cute… you can’t even read and compare my post to what you have in your system…

Anyway, here is the snapshot of my Outlook (I have blacked out stuff for privacy), you can see that it was 4th July and what Donna is pointing to in her blog has nothing to do with what I have written :) Probably she deleted it thinking hey what could happen… she will lie and get away with it… not so Donna not so :)

You have just been caught red handed, lying and totally doing things that fly in the face of security industry by not disclosing vulnerabilities before going public! Shame on you!!! By continually spreading lies even though people have warned you your statements are lies. You can’t get out of this by trying to attack me dear Donna. You should be ashamed!

Melih

[attachment deleted by admin]

In Corrine’s own words, that would be “Liar, liar, pants on fire.” then. Methinks Corrine doth post too much.

@Melih,
I wasn’t going to waste my time responding but in light of your fixation on Donna, I feel I have to.

Allow me to make this as clear as possible, neither the hostnews blog, nor the securitygarden blogs, are controlled by, edited, or otherwise owned, by Donna - in short - SHE HAS NOTHING TO DO WITH THEM!

Quite why you feel compelled to blame her for any of this is beyond me.