Comodo SSL fail - part 2

Published by manu

More on Comodo, as it seems there was another attempt to generate more SSL certs. Interestingly, COMODOHACKER explains him/herself via a copy-and-paste site. Some interesting details were shared, like:

    I hacked Comodo from InstantSSL.it, their CEO's e-mail address mfpenco@mfpenco.com
    Their Comodo username/password was: user: gtadmin password: globaltrust
    Their DB name was: globaltrust and instantsslcms

You have to admit that with a password like that... you can be sure they mean business (and by that I mean none of my business).

Anyway, Errata Security has confirmed that this person is indeed (at least partially) responsible for this nice demonstration.

I'll just say it again: when will we all agree that the business of signing SSL certificates is just a bunch of bullshit?

Comodo SSL fail

Published by manu

We [should] all know that trusting third-party SSL roots is bad, but if you are still not convinced, then read how Comodo's SSL service was compromised. In short, a reseller account was broken into, and with that account's credentials the attacker requested, and was issued, certificates for 7 domain names.

What this means is that certificates are issued without any real verification that the requester controls the domain. Whether it is the reseller or an attacker holding the reseller's credentials that asks for a certificate, the request is not really checked, it is simply signed. And since the CA's root is trusted by every browser, the resulting certificates are accepted everywhere, for any site the attacker named. Again, why do people trust ANY of these Certificate Authorities?

Maybe it is time to think more about Monkeysphere and/or a system that verifies SSL certificates over DNS, so that trusting a site's key no longer depends on which CA happened to sign it.
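To make the two preceding points concrete (a trusted CA signs whatever a compromised reseller account asks for, and an out-of-band key check catches exactly that), here is an added example that is not part of the original post and not Comodo's or Monkeysphere's code. It uses only Go's standard library: it builds one trusted root CA, has it issue two certificates for the same host name (one for the site's own key, one for an attacker's key, mimicking the reseller-account abuse), and then checks both certificates two ways: the usual chain-to-a-trusted-root check, and a pin on the SHA-256 of the leaf's SubjectPublicKeyInfo, which is the value a DNS TLSA "3 1 1" record (DANE) or an HPKP pin carries. The host name `login.example.net`, the CA name and all keys are constructed for the example; the pin is computed from the legitimate certificate to stand in for what the site owner would publish in DNS.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// must keeps the example short: any key or certificate error is fatal here.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newKey returns a fresh P-256 key; the CA, the site and the attacker each get one.
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issue signs a certificate for pub with issuerKey. With issuer == nil the
// certificate is self-signed, which is how the root CA is created.
func issue(cn string, isCA bool, pub *ecdsa.PublicKey, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{cn} // the name a browser checks against the URL
	}
	if issuer == nil {
		issuer = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, issuerKey))
	return must(x509.ParseCertificate(der))
}

// spkiPin is the SHA-256 of the SubjectPublicKeyInfo, the value a DANE TLSA
// "3 1 1" record (or an HPKP pin) publishes out of band.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// caTrusts asks what a browser asks: does a trusted root vouch for this name?
func caTrusts(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// pinTrusts ignores who signed the certificate and only asks whether the key
// is the one the site owner published for host.
func pinTrusts(leaf *x509.Certificate, pins map[string]string, host string) bool {
	want, ok := pins[host]
	return ok && spkiPin(leaf) == want
}

// Verdict holds the two answers for one certificate.
type Verdict struct{ CAModel, PinModel bool }

// Scenario replays the failure: one trusted CA signs an honest request from the
// site and a request from an attacker with reseller credentials, same host name.
func Scenario() (legit, misissued Verdict) {
	const host = "login.example.net" // constructed sample host name
	caKey := newKey()
	ca := issue("Trusted Root CA", true, &caKey.PublicKey, nil, caKey)
	siteKey, attackerKey := newKey(), newKey()
	legitLeaf := issue(host, false, &siteKey.PublicKey, ca, caKey)
	rogueLeaf := issue(host, false, &attackerKey.PublicKey, ca, caKey)

	roots := x509.NewCertPool()
	roots.AddCert(ca)
	pins := map[string]string{host: spkiPin(legitLeaf)} // what the site owner would publish in DNS

	legit = Verdict{caTrusts(legitLeaf, roots, host), pinTrusts(legitLeaf, pins, host)}
	misissued = Verdict{caTrusts(rogueLeaf, roots, host), pinTrusts(rogueLeaf, pins, host)}
	return legit, misissued
}

func main() {
	legit, rogue := Scenario()
	fmt.Printf("legit cert:      CA model accepts=%v  pin accepts=%v\n", legit.CAModel, legit.PinModel)
	fmt.Printf("mis-issued cert: CA model accepts=%v  pin accepts=%v\n", rogue.CAModel, rogue.PinModel)
}
```

The CA check accepts both certificates, because nothing in the chain records who asked for them; the pin check rejects the second one because the attacker does not hold the site's private key. That is the whole argument for DNS-published or web-of-trust keys: the trust decision moves from "some CA signed this" to "this is the key the site owner published", and a compromised reseller account cannot change the latter.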
