An SSL/TLS vulnerability has been identified that attackers can use to downgrade the cryptography of an HTTPS connection to a level that is vulnerable to decryption, allowing them to listen in on the communication between a browser and a server. The severity of this vulnerability is extremely high because an attacker who can read the session can obtain login credentials for sensitive systems such as banking sites and use them to commit financial fraud.
This is reminiscent of the recent Heartbleed and POODLE vulnerabilities, which could also be exploited to compromise encrypted communication.
The vulnerability, nicknamed FREAK (Factoring RSA Export Keys), involves code from the OpenSSL project, as Heartbleed did last year; the OpenSSL side of the issue is tracked as CVE-2015-0204. The impact, however, varies by vendor and browser, because it depends on which TLS library each browser is built on.
Apple Safari and the stock Android browser have been confirmed as vulnerable, since both Apple's Secure Transport library and the OpenSSL build bundled with Android accept the weak key. At the time of writing, Chrome, Internet Explorer and Firefox (whose NSS library never had the flaw) were reported as unaffected. Microsoft later confirmed that its Schannel library, and therefore Internet Explorer on every supported version of Windows, was affected as well (CVE-2015-1637, fixed in MS15-031), so treat any "not affected" list as a snapshot and verify the clients you are responsible for.
In the 1990s the U.S. government wanted to control the export of what it considered "weapons grade" encryption. Strong-for-its-day 128-bit encryption was allowed inside the United States, but federal intelligence and law enforcement agencies wanted a "backdoor" into foreign communications. A weakened cipher suite, referred to as "export grade", was therefore introduced for use outside the United States: 40-bit symmetric keys, and an RSA key exchange capped at 512-bit keys, sizes the American authorities could break if needed. It is that 512-bit RSA key exchange that FREAK exploits.
Most browsers stopped offering the export suites years ago, but the code paths that accept them survive in the SSL libraries those browsers are built on, and when FREAK was announced as many as one third of the HTTPS servers trusted by browsers still accepted export suites. That combination allows a "downgrade attack". A man-in-the-middle attacker, positioned between the browser and the server, rewrites the browser's ClientHello so that it offers only RSA_EXPORT cipher suites. A server that still supports them picks one and sends back a 512-bit "export" RSA key in a ServerKeyExchange message, signed with its real certificate key. A vulnerable client accepts that key even though it never asked for an export suite and even though a plain RSA handshake should not contain a ServerKeyExchange at all; that state-machine flaw is the client-side bug. The attacker then factors the 512-bit modulus (a matter of hours on rented cloud compute, and servers typically reuse the same export key for many connections), recovers the premaster secret the browser encrypts to that key, derives the session keys, and can read or alter every message that follows.
For this type of attack to succeed, both the web server and the victim's browser must be vulnerable, so either side can break it. If you operate a web server, disable support for every export suite and for all other known-insecure ciphers, and then enable forward secrecy (ECDHE or DHE key exchange), which limits what an attacker gains from any future key compromise. Mozilla has published a server-side TLS guide and an SSL Configuration Generator that produce known-good configurations for common servers.
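To make the mechanism and the two fixes concrete, here is an added example written for this page; it is not Comodo's code and not any library's real handshake implementation. It builds a minimal TLS 1.2 ClientHello, shows the man-in-the-middle replacing the offered suite list with RSA_EXPORT suites, and then shows both defences: a server whose cipher preference still contains export suites picks one, while a hardened preference list refuses the tampered hello outright, and a client that enforces the handshake state machine rejects a 512-bit ServerKeyExchange key in a static-RSA handshake it never negotiated as export. The cipher-suite code points are the real IANA values; the server preference lists, the all-zero client random and the scenario are constructed for illustration, and the record layer, extensions and signature verification are deliberately omitted.

```python
import struct

# IANA cipher-suite code points from the TLS registry (RFC 5246 appendix A.5).
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
STRONG_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # forward secret
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",  # forward secret
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",           # static RSA, no forward secrecy
}
CLIENT_HELLO = 0x01

# Constructed server preference lists: a legacy server that still accepts export
# suites, and a hardened one with export suites removed and forward-secret
# suites first, as a Mozilla-generator style configuration would produce.
LEGACY_SERVER_PREFERENCE = [0x002F, 0xC02F, 0x0003, 0x0008, 0x0014]
HARDENED_SERVER_PREFERENCE = [0xC030, 0xC02F, 0x002F]


def build_client_hello(suites, client_random=bytes(32)):
    """Serialise a minimal TLS 1.2 ClientHello handshake message (no extensions).
    The all-zero random is a constructed value so the output is reproducible."""
    body = b"\x03\x03" + client_random                  # client_version 1.2, random
    body += b"\x00"                                     # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                 # compression_methods: null only
    return bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body


def parse_client_hello(msg):
    """Return the client random and the offered suite code points of a ClientHello."""
    if not msg or msg[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ClientHello")
    random = body[2:34]                                 # skip the 2-byte version
    pos = 34 + 1 + body[34]                             # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return {"random": random, "suites": suites}


def mitm_downgrade(msg):
    """The attacker's rewrite: same ClientHello random, but the offered suites are
    replaced with RSA_EXPORT suites only, so a legacy server picks one and
    answers with a 512-bit RSA key in ServerKeyExchange."""
    hello = parse_client_hello(msg)
    return build_client_hello(list(EXPORT_SUITES), hello["random"])


def server_select(msg, preference):
    """Server-side negotiation: the first suite in the server's own preference
    order that the client offered. None is where a real server would send a
    handshake_failure alert instead of continuing."""
    offered = set(parse_client_hello(msg)["suites"])
    for suite in preference:
        if suite in offered:
            return suite
    return None


def vulnerable_client_accepts(offered_by_client, selected, server_key_exchange_bits):
    """Model of the flawed client: checks only that the selected suite was offered
    and takes any correctly signed ServerKeyExchange key, whatever its size."""
    return selected in offered_by_client


def fixed_client_accepts(offered_by_client, selected, server_key_exchange_bits):
    """The state check FREAK-vulnerable libraries lacked. server_key_exchange_bits
    is the RSA modulus size from a ServerKeyExchange, or None if none was sent.
    A static-RSA suite carries no ServerKeyExchange at all, and an export-grade
    key is only legitimate in an export suite the client itself offered."""
    if selected not in offered_by_client:
        return False
    if selected in EXPORT_SUITES:
        return server_key_exchange_bits is not None and server_key_exchange_bits <= 512
    return server_key_exchange_bits is None


def run_scenarios():
    """Play the downgrade against a legacy and a hardened server, then replay the
    512-bit key against a vulnerable and a fixed client. Returns the outcomes."""
    client_offer = [0xC030, 0xC02F, 0x002F]            # no export suites offered
    hello = build_client_hello(client_offer)
    tampered = mitm_downgrade(hello)
    legacy_pick = server_select(tampered, LEGACY_SERVER_PREFERENCE)
    hardened_pick = server_select(tampered, HARDENED_SERVER_PREFERENCE)
    # The legacy server answered RSA_EXPORT with a 512-bit key; the attacker shows
    # the client the static-RSA suite it expected (0x002F) plus that key.
    return {
        "legacy_server_selects": EXPORT_SUITES.get(legacy_pick),
        "hardened_server_selects": hardened_pick,
        "vulnerable_client_accepts": vulnerable_client_accepts(client_offer, 0x002F, 512),
        "fixed_client_accepts": fixed_client_accepts(client_offer, 0x002F, 512),
    }


if __name__ == "__main__":
    for outcome, value in run_scenarios().items():
        print(f"{outcome}: {value}")
```

Against a live server the equivalent field check is `openssl s_client -connect host:443 -cipher EXPORT`; a failed handshake is the result you want. Modern OpenSSL builds no longer include the export suites, so on such a client the command may report that no ciphers match, which says something about your client rather than the server; test from an older build or a dedicated TLS scanner in that case.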
For web users, you can check if your browser is vulnerable at this site:
Apple and Google are rushing fixes for their browser issues, but this might be a good time to try Comodo's Chromium-based browser Comodo Dragon or the Firefox-based Comodo IceDragon. Both have unmatched privacy and security features and are free to download.