SSP

Hey Melih have you read this from http://msmvps.com/blogs/

re: Comodo continues to ignore Malware warnings

Monday, July 27, 2009 2:36 AM by donna

Melih,

Hah! You find that foolish? Then you’re the one making yourself like a one. Why? Because you believe that we do not know that other certs have issued certs to fraudsters. You believe that we are singling you out. Since the May 2009 discussions in the Calendarofupdates.com forum, people were highlighting your difference from other cert vendors. No one is saying that only Comodo has issued certs to malware domains.

From day 1 that this issue about your cert was blogged or discussed in forums, you keep pointing fingers. You keep comparing yourself with other cert vendors but you failed to realize that people expect MORE from Comodo because you are offering NOT only certs but Comodo security software also. People are not comparing you to other cert vendors because they know that it is not Comodo alone that has done it but they expect more from you. You are the one who keeps mentioning your rivals.

You are using other cert vendors as an EXCUSE or ALIBI, as if people do not know about certs at all. What we cannot understand and you/Comodo failed to do is to prevent it and provide better prevention, especially as you are expected by people to do better. You have security software! Your teams (malware research and cert teams) should be coordinating and reporting to one another, then prevent it before people become victims.

Even Paul can see the problem with your services. Even Paul has said it. Ethics vs Commercial. You opted for losing your ethics. You opted not to provide professional standards. You opted to provide a not fair job and you opted not to show your duty as security software vendor.

Even Mike has said before “whose ethics is being questioned here?”, not his but yours.

And since you opted to the above, then you got to face this problem. Solve it Melih. That’s what people want to see, your solution.

Who the heck are these people?? ??? >:(
At the company I work for, we have Microsoft employees on-site, full time, and they are all nice people; none exhibited the narcissistic displays of self-aggrandizement that these Microsoft mvps do, and with such relish no less!! >:(
Comodo has helped to lift the baseline of security for all internet users; what has any of these bloggers done even remotely comparable?? >:(

Paul responded with the voice of reason; this Donna character is either irrational, using this as a vehicle for self-promotion, or both. 88)

If you do pls tell us the percentages. How many percent of the malware sites used Comodo certs vs other vendors’ certs. You do NOT know this, if you did, you wouldn’t be doing what you are! Can you pls provide percentages to say that Comodo is not doing its part?

You believe that we are singling you out. Since the May 2009 discussions in the Calendarofupdates.com forum, people were highlighting your difference from other cert vendors. No one is saying that only Comodo has issued certs to malware domains.

Then the only foolish one is Donna. She even quoted a line from Verisign: “Yes, we can revoke a cert whenever we want. But more importantly we have a high standard of checks & balances to make sure we do not issue certificates to bad sites in the first place.” If she didn’t believe that line why did she quote it? Can you pls explain?

you failed to realize that people expect MORE from Comodo because you are offering NOT only certs but Comodo security software also. People are not comparing you to other cert vendors because they know that it is not Comodo alone that has done it but they expect more from you. You are the one who keeps mentioning your rivals.

Expect more from Comodo because we have security software implies comparison to other cert vendors btw ;) more compared to whom? Obviously our competitors! Or perhaps you can explain what you mean by expect more from Comodo compared to what/who based on What percentage? What data do you have in terms of percentage to say that Comodo is not doing enough compared to our competitors? Perhaps you can share that data showing the percentage of maliciously used certs issued by Comodo vs competitors as well as the average revocation time for respective companies. Surely you must have this for you to come to the conclusions you have. If you haven’t how can you possibly say all the stuff you guys have been saying?

Even Paul can see the problem with your services. Even Paul has said it. Ethics vs Commercial. You opted for losing your ethics. You opted not to provide professional standards. You opted to provide a not fair job and you opted not to show your duty as security software vendor.

Paul’s point was about free/trial SSL, but as was clearly shown this is not the issue as the malicious site went and purchased a cert from a Verisign Company.

Again, we expect substance to your allegations, we expect no flip flopping, we expect not some foolish girl going around on a witch hunt with literally ZERO understanding of security world!

It’s amazing how the universe works in mysterious ways… She quoted the Verisign statement and within 24 hours she was proven wrong!

How can you with any credibility claim that she didn’t quote Verisign’s statement saying: “we have a high standard of checks & balances to make sure we do not issue certificates to bad sites in the first place”. Donna is a fool for posting that statement and then claiming she never said other vendors don’t issue certs to malware domains. Can you explain?

Melih

Hey Melih,

Last one.

QUOTE (Data [at] Jul 27 2009, 04:01 AM) *
QUOTE (mvdu [at] Jul 27 2009, 03:35 AM) *
I took the high ground and did not.

Though it doesn’t bring any sensible reply to directly challenge what he says, it’s worth getting a word in. It keeps things interesting, and ultimately the damage continues to grow. Not only is the company’s rep being dragged down, but the amateurish thinking behind it is also on show for the world to see.

Unfortunately, on their forums, it will just go in circles. They will NEVER admit I or Donna is right. Exposing it is good, however.

WOW… you have to read this!!! Donna’s last post…

In her last post Donna said:

“Why did I quote Verisign’s response? it is to answer 1George’s claimed:”

WOW…what a LIE…because Donna posted Verisign statement on Saturday, July 25, 2009 5:41 PM by donna

But 1George made his first post on
Saturday, July 25, 2009 9:53 PM by 1George

Donna is now resorting to lying through her teeth to get herself out of what seems like a big hole that she has dug up for herself!! Shame on you Donna! A Fool and now a blatant LIAR!!! Have you no shame?

Melih

Sorry guys… it does get better…

Donna has to eat her word on yet another statement she made :)

" It does not mean that Verisign re-approved or re-issued the cert to the same gang that unlike you"

ehm… Donna, you are wrong, They actually did…

www.malwarecatcher dot net mentioned in the original blog points to
https://secure.softsales-discount dot com/support/ and this domain had an SSL from a Verisign Company previously (was valid until 6/26/2009) and now they went and got another cert again from Verisign! Repeat offender? hmm…

Can you pls explain that Donna (along with why you lied pretending you posted the Verisign statement after 1George’s statement and) now it has been proven that your theory of “repeat offender” is total rubbish! (don’t you even check your facts before you post???)

Donna, you have been proven to be a total fool and a blatant liar! I am sorry I had to get dirty with this issue, but someone had to show you for who you really are. Now the proof about your lies and foolish statements will be there for everyone to see and will hound you!

Attached: Screenshot of the Verisign certs previously issued.

[attachment deleted by admin]

-Sigh- 88)

While I do understand the sentiments behind this, IMO this is rather harsh, considering the offensive onslaught.

Do you guys really think I enjoy this ■■■■?

It’s a total waste of my time and energy. I could be doing more useful things with my time than showing off this Donna girl for what she is!

If I let her continue the way she was, without showing her to be a fool and a liar as we all now know that she is, we would have continually gotten posts in our forums pointing to her and her followers posts bad mouthing Comodo. (look at how this post was started).

Now that Donna has proven herself to be a fool and a liar they have no credibility and no platform to attack Comodo from. Of course they will continue to do so, but who would listen to a fool and a liar? All we do is point anyone who references her posts to her lies and foolish statements she made and let people understand who she is before anyone listens to her.

If you wrestle with pigs expect to get muddy… Didn’t want to do it, but had to get muddy!

Melih

This thread should have been locked a long time ago, considering its incendiary topic subject.

Thanks in advance to the volunteer moderators.

I don’t think locking would have helped tbh…

Now people know Donna is a liar and a fool, we can deal with these kinds of posts easily and without locking.

Melih

:)
Anyone can read this? Tell me where it goes if you press the VISA logo or MasterCard logo…

Select payment method
Please select preferred payment method:
VISA MASTERCARD

Yes, you guessed right, depending on what you choose you get sent to a different website… If you choose Visa it takes you to a site which has an expired cert from Comodo and if you choose Mastercard it takes you to a site that has an expired cert from Verisign.

It’s from this malware site mentioned in the blog and the blogger who started the whole thing (winhelp2002) didn’t spot this… So kept choosing VISA and that took him to a site that hosted revoked SSL from Comodo… But if he had chosen Mastercard it would have taken him to the site that hosts a Verisign cert… Obviously they didn’t realize how best to analyse a malicious site and missed the site that hosted Verisign cert and made all these allegations against Comodo unfairly. Including Donna who said Verisign doesn’t reissue certs to known sites… which is now proven to be wrong.

They tried to analyse the anatomy of a malicious website and they didn’t fully analyse it and blamed Comodo! The very site they analysed had a Verisign Cert all along and Verisign reissued to that malware site again!

I think they owe us an apology tbh!

Melih

IMHO descriptives such as these are unbecoming of a CEO of a major security software vendor, and do not inspire confidence in the leadership direction of the organization.

Even if it’s true? What a world we live in, where someone can’t voice his correct opinions without having to fear reproval, due only to his elevated position.

Just last week, The President of the United States had to recant comments he made two days prior.
This has always been the nature of the world in which we live.

Maybe because “he’s way off base wading into a local issue without knowing all the facts” ?

Sure it doesn’t appear the current scenario could be regarded in the same way…

…at least after taking due care to check the facts.

BTW I just reported to the CCSS forum these sites still using valid DV certificates because, if I did not misunderstand, some blog mentioned they were involved in malware warnings:

https://secure.aquabilling.com/ not valid before: 16/02/2009
https://secure.payment-cc24.com/ not valid before: 01/07/2009
https://secure.webexpressbill.com/ not valid before: 24/03/2009

Like for previously mentioned cases the issuer was not Comodo.

Guess that blog could soon write about them again as I got the impression there was an easy way to identify these cases.

Though ATM it looks like only one is involved in a billing cart page whenever there is no way to access the billing cart from the default page nor any back-link to the product homepage (possibly hosted on another site) is featured.

If it is not for the cart page (which, like links to it, could be created or wiped out in a matter of seconds by the owners) no relation with the product could be confirmed too.

Product at https://secure.aquabilling.com/payment/?sku_name=3P_SEC_EN_S_00,SPIENP_EN_S_01,VIPCS_EN_S
and maybe mentioned in Risk Detected

[attachment deleted by admin]

Totally agree axl !

Not sure on what assumption some viewpoints could be warranted but nevertheless it looks like this approach is not uncommon.

For what it’s worth, I posted this on mvphosts an hour or so ago, it’s not shown up…

I must admit I find this quite disconcerting! As an MVP myself, I tend to have quite high standards when it comes to discussing matters related to IT and especially security. What I find here and elsewhere, however, seems to amount to a vendetta against a single company, by a small band of irate MVPs.

The simple fact is, this is not a single company issue, it’s an industry issue. Comodo is not alone in issuing certificates and is in fact a relatively small player, yet I find no mention on your site of Verisign. Will you tell me, honestly, they are not also guilty? I think the proof lies in this very thread.

Your premise for singling out Comodo as the evil supplier of certificates to “criminals” seems more to do with your dislike of them also being a software supplier, in addition to a certificate supplier. I have to wonder if this is at all relevant. If I choose to install their software on my computer, I don’t see any ‘malware’ being installed. Granted, they offer the Hopsurf toolbar, which is powered by Ask, but it’s optional. For the most part the security package is first class.

I really believe you should stop with the ridiculous ‘tabloid’ headlines and concentrate on the real issues. If you want the industry to change then report fairly, put pressure on those that can make a difference.

I doubt it will make a difference to them either way.