Explore our perspective on a variety of security topics and issues.

The Importance of Identity Information on Sensitive Sites

An experiment in Chrome 69 has sparked a debate about the intention of SSL. This experiment has removed the green address bar indicator for a small portion of users, so folks on Twitter are weighing in with their opinions. (And let’s take a moment to thank Magento hosting provider Sonassi for calling attention to this debate with their well-thought-out blog post “SSL doesn’t mean secure.”)
Read More

Comodo CA Needs a New Name. Here’s Why.

On October 31, 2017, Francisco Partners announced its acquisition of the certificate business from Comodo Group, which it spun out into its own, separate entity. Branded Comodo CA, the newly independent certificate business went off to ramp up its own operations, offices, teams, and programs.
Read More

IoT PKI Manager Named Finalist for Computing Magazine Security Excellence Awards

We are proud to announce that Computing Magazine has named our IoT PKI Manager one of three finalists for its esteemed 2018 Security Excellence Awards in the IoT Security Solution category, along with British Telecom and SaltDNA.
Read More

First U.S. IoT Security Law Signed in California – Here’s What It Means

At the end of September 2018, the Governor of California signed country's first Internet of Things (IoT) security law, calling for reasonable security features. This is the first cybersecurity bill governing IoT devices, making California the first state in the country to establish formal legislation.
Read More

Upgrading Our Processes

Blogger Troy Hunt recently published a long missive in criticism of Extended Validation SSL, which includes a number of criticisms aimed at the Comodo brand in particular.  Since the CA spun out of the larger Comodo Group, Inc. late last year we have been aggressively investigating all aspects of the business to identify where changes are required and to plan and implement them.  
Read More

Phishing Incident Statements

On September 11, 2018, a cybersecurity firm reported that it uncovered malicious code injected into the British Airways website, indicating that the hackers in the recent British Airways supply chain phishing attack made use of an increasingly common tactic of using large websites to embed pieces of code from third-party suppliers.

Read More

DNS Poisoning Variant to Obtain a DV Certificate Unveiled

On September 6, 2018 The Register published an article describing how a team of academic security researchers successfully demonstrated that they could use a variant of DNS poisoning to obtain a Domain Validation (DV) certificate for a target domain they did not own.

Read More
  < 1 - 2 - 3 - 4  > 
Displaying results 1-8 (of 28)