Up to no good again 
http://msmvps.com/blogs/hostsnews/archive/2009/07/22/1705234.aspx
Old news now and the issue was sorted.
The problem here as far as I can see it, is the protocols /procedures associated with issuing certs, not anything vendor specific.
Crooks can be clever at times.
:-TD
This is a new report⌠I was never really involved with the argument with comodo selling certificates to malware hosting sites.
Just wondering⌠Does Comodo inspect the people they sell their selling certs to? or just hand them out for cash regardless of who?
I think (from what happened last time) is that checking is limited to ownership of a domain only. Which means that as long as a crook lies about their intentions for a domain/website, they will get a cert.
Ideally, certs would be issued after vetting of all their current products and repeated periodically for the life of the cert. Of course, this is nigh on impossible. 
Thus, melihâs previous comments (posted elsewhere here) regarding the problems of issuing of these certs.
I wonder who else (ie cert issuers) has been caught out by crooks requesting certs?
I doubt we will every find that out as the report is most probably done the correct way.
Dennis
Verification of identity for those requesting certs is necessary for OV certs and the more recent EV certs which require additional authentication.
By providing reliable third-party verified identity and address information regarding the owner of a Web site, Identity authentication is likely a deterrent for fraud schemes because the subjects cannot retain their anonymity and thus cannot evade legal actions or law enforcement whereas authenticating the Organization will likely provide a way to counter impersonation attempts.
DV certs on the other hand can do not validate the organization thus providing not much more than encryption which in some case may not be enough.
Well, this is how you lose your âtrustâ faster than you gained itâŚ
Well obviously it does to those willing to cast it around 
âNow I ask you ⌠how many times do I have to report the same group being issued a certificate from Comodo, before they take the necessary steps to prevent the general public from being ripped-off by these bad actors?â
âIâve been reporting on Comodoâs lack of concern since
LimeLight Networks and connecting the dots (12-07-07) all we get is excuses and spin on how everyone else is doing it (issuing certificates)â
This guy is becoming boring and quite tiresome; he reminds me of one of those little chihuahuas.
One would think that he would get a clue by now.
Maybe he is overwhelmed by his own sense of self-worth?
Give someone a Microsoft mvp award and suddenly they are a Universal Defender of the Light.
88)
It would be fine to have them build a CA to have some other âsecurity expertâ analyze the real outcomes of such vaguely implied ânecessary stepsââŚ
Who knows maybe they could actually make responsible reporting something unnecessary and irrelevant and efficiently address any concerns.
But it does look like that a site mentioned in a screen-shot in one of the latest report links to another site which got a cert from another CA in the past months.
Did anybody read something about that?
And besides wasnât âthat groupâ supposed to be widely know and so easily identifiable since '07?
[attachment deleted by admin]
Whats with the smear campaign.
Why is their a special group of people that go through such great lengths to point out that some crook conned comodo, not once, but twice 
and run a Public Relation campaign on it. <â(it reminds me of the PAID political ads that you see on tv every election year)
Does the same group of people go through the same lengths when some other crook get a Extended Validation SSL or any other forum of validation
How about verisign or godaddy??? IS it possible for a crook with the capacity(using stolen identification and/or any other such methods) to con their way through verisign or godaddy. Why not put a smear campaign on them too! It would go great with their website Although theyâll make an exception for the vender that hired them. Why bite the hand that feeds them
They basicly make it sound like comodo is nothing but cybercrooks. If someone did the same thing to me. Iâd be recording everything thier doing, track their ipâs(basicly following the trail), do some intelligence gathering and then hit them up with a lawsuit. For the harm their causing
Yes, I agree it is quite mysterious the frenzied intensity that some âprofessionalsâ display in their targeting of Comodo.
One can only question their true motives.
here is my post to them (i posted it on their site too)
Avoiding the issue of DV and pretending that it doesnât exist and as long as Comodo doesnât issue it everything will be fine is not going to solve the DV problem.
The problem with these fraudsters is that DV process is too easy for them to take advantage of. DV only checks if the site owner owns the domain or not. There is no other check. Verisign and Godaddy own around 90% of this market. I have been very vocal in www.cabforum.org to bring higher standards so that end users can be protected. It has met with resistance with people from Verisign and Godaddy. But I am continuing to push for better standards as DV gives a trust indicator to fraudsters hands.
As to some basic checks like, IP etc etc⌠been there and done itâŚdoesnât work! These people are professional criminals! They know how to change their IP when applying for a cert, how to create a new identity etc etc. We are coming up with different defense mechanisms but weâll see how it will work.
To people who claim we profit from these:
Fact 1) These are all FREE SSL certs⌠we donât get money from them (notice the duration of the cert is 90 days, these are trial certs we issue)
Fact 2) we issue over 300,000 certs a year getting some fraudsters getting a free cert or two costs us money in reality!
So what can we do to fight this?
1)We need to get a standard (yep⌠there is NO STANDARD for issuing DV certs today) that mitigates fraudsters having access to this yellow padlock (nothing ever is 100%)
2)We all need to work together and report these sites so that they can be revoked quickly again limiting the damage. Common Computing Security Standard Website has a reporting form where this is fed to all CAs quickly. http://www.ccssforum.org/report.php . Please use this to report any maliciously used certificate so that it can be acted upon quicker.
Pls feel free to engage in a discussion (here or in Comodo forums) as to how we can make it safer for the end user. Again, Comodo stopping issuance doesnât make it safer, it might even end up with other CAs who might take much longer to revoke maliciously used certs. And a DV is a DV, yellow padlock indicator does not differentiate between vendors⌠Users just see the yellow padlock and trust it.
Melih
Melih,
Yes, I know that usually CAs only check if the site owner owns the domain or not, but why donât you change the standard for yourself?
If you are pushing for better standards, why donât you use them instead of waiting for others to?
Is there some âruleâ prohibiting you from doing so? If not, why donât you set the example?
Thatâs OV and EV certs that we issue. So we do already provide better certsâŚ
the only question here is: Should Comodo issue them (DV certs) or not?
If Comodo didnât issue them, will these fraudsters go away? Or simply go get it from some other CA? Is the other CA will have as stringent Revoking policy as Comodo at reacting so very quickly to help protect users?
It was a long and hard decision for us, but I think end users would be more secure if Comodo was offering DV certs as long as other CAs also offered it.
DV is a dangerous tool, would you have a Rogue country control the Nuclear Weapons we have? Of course not! DV is a weapon and its not going away, who do you want controlling it? I say Comodo because we have shown ourselves to be caring, responsible and responsive to our userâs security!
Melih
We did a manual check to see how many of the malware related sites (sites that are pushing rogue AV products or other malicious activities, not including fake investment scams etc offered by fraudsters) use SSL certs to create legitimacy in an attempt to dupe end users.
The site is called www.malwareurl.com which has a list of malware related URLs (this is just one of many sources) We checked the last 2000 entries from http://www.malwareurl.com/rss.xml?n=1&limit=2000
for malware websites with certificates. The list and the corresponding certificates are attached.
https://secureoem.com/shop/order/ Equifax
https://secure.signupsecurity.com/p05/(S(4xghlr45eyy5dd45f33jqub4))/join2.aspx GoDaddy.com, Inc.
https://secure.yclinks.com/p05/(S(r02vzt55hmnxlh45vy5dvj55))/join.aspx?siteid=freemovienow_cm&product=30&cli=7&descriptionid=new-movies&lng=en GoDaddy.com, Inc.
https://secure-plus-payments.com/cgi-bin/nph-pr/pandora/softcore/buy_soft.php?productid=avplus3&advert=1 Thawte Consulting cc
https://secure.cc-process24.com/ Equifax
https://secure.mpsjoin.com/join/index.php Equifax Secure Inc.
https://secure.payment-cc24.com/payment/?sku_name=PCSEC_EN,PCSEC_EN_01,ACTF_EN&sku_checked=1&affid=020c990db04ea0196e1af96bdae2e508LCw=&nid=431ae3a42aa877d0d3ac816da0e4b772 Equifax secure.payment-cc24.com.p7c Session-based link. Redirected from: http://pcsecurity09.com/buy.html
https://1-vscodec-pro.com Thawte Consulting cc
https://secure.onlineinternetpayments.com/billpav/? Thawte Consulting cc
https://secure.innovagest2000.com/ GoDaddy.com, Inc.
https://secure.paysecorder.com/order?agree=on&prodid=2&r=1.0&â â â â = Equifax Secure Inc.
You see, wouldnât it be better for the end users if all the above certs were from Comodo? They would have been revoked by now!!! DV is a dangerous tool!
Melih
Please add this lastminute about the âthat groupâ featured in some blogs as well.
Just in few hours the same parent site linked to two different https onesâŚ
Besides the same âthat groupâ apparently bear countless of individuals as the involved domains are registered by different persons.
[attachment deleted by admin]
Endymion
can you pls report these to http://www.ccssforum.org/report.php asap.
PS: I reported the ones i posted.
thank you.
Thanks for pointing out the submission form.
I submitted the info at that form without the urging need to put up a blog as well.
The previous cert was already expired though when was active Iâve not read about it somewhere :-La
(How could it be that some âgoogle expertâ missed that? :o)
Obviously in both cases the involved CA was not Comodo.
I made a post there responding to herbert but still didnât show up? :(, Lets hope it will show, cos if it did, then donna wouldnât have made her misguided statements.
Melih