Various news reports have confirmed that many web servers are still vulnerable to the Heartbleed bug, which affects Apache servers running SSL. The bug was first reported early in April of this year. Oracle recently released a list of products affected by the Heartbleed OpenSSL vulnerability, and hackers appear to be in high gear to exploit Heartbleed.
The scope of the problem has been exposed by a quarterly report for Q2 2014 from Solutionary’s Security Expert Research Team (SERT), which concluded that many servers are still vulnerable to the Heartbleed bug. The report took a special look at the Heartbleed bug identified earlier this year, which could allow a hacker to intercept communication between a browser and a web server using OpenSSL.
SERT found that it was very easy to exploit and that a surprisingly large number of servers are still vulnerable. As of 06/21/2014, 2 months after the vulnerability was identified and the information necessary to address the problem was made available, 309,147 servers are still vulnerable to Heartbleed.
This issue is only a concern if you have installed OpenSSL 1.0.1 through 1.0.1f and OpenSSL 1.0.2-beta. All other SSL implementations and digital certificate users are unaffected, including all users of Microsoft’s IIS web server.
If you are not sure whether you are affected, Comodo has updated its SSL analysis tool so that you can check. Simply enter your address on the following page:
Note: Only enter domains that are using SSL. If this site is busy, you can also use https://sslanalyzer.comodoca.com/
If you are vulnerable, Comodo will work with you to help ensure that your systems are updated with the fixed version of OpenSSL. We will assist you in quickly and easily acquiring a certificate reissuance that may be required as a result of patching OpenSSL. Call +1 888-256-2608 or email Enterprisesolutions@comodo.com to speak to an Enterprise SSL expert.
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This flaw allows a remote attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time.
The Heartbleed bug was uncovered by a group of security engineers from Codenomicon and Neel Mehta from Google Security. On April 7, 2014, they announced the vulnerability in the popular OpenSSL cryptographic library to the Internet community. Aptly labeled the Heartbleed bug, this vulnerability affects OpenSSL versions 1.0.1 through 1.0.1f (inclusive).
It is important to understand that the Heartbleed bug is not a flaw in the SSL or TLS protocols; rather, it is a flaw in the OpenSSL implementation of the TLS/DTLS heartbeat functionality. The flaw is not related to or introduced by publicly trusted certificates; it is a problem with server software.
Check your package manager for an updated OpenSSL package and install it. If you do not have an updated OpenSSL package, contact your Service Provider to obtain the latest version of OpenSSL and install it.
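As a first triage step before patching, the following added example (not Comodo's tool or code from the original article) classifies an `openssl version` line against the affected range stated on this page. The function name `heartbleed_status` and the sample lines are constructed for illustration; the `-DOPENSSL_NO_HEARTBEATS` check assumes the compile-time option named in the OpenSSL advisory.

```shell
#!/bin/sh
# Added example: classify an `openssl version` line against the affected
# range given on this page: 1.0.1 through 1.0.1f, and 1.0.2-beta.

# heartbleed_status VERSION_LINE [COMPILER_LINE]
# Prints: in-affected-range | outside-affected-range | heartbeat-disabled | unknown
heartbleed_status() {
    line=$1
    flags=${2:-}
    # The version is the second field of e.g. "OpenSSL 1.0.1e 11 Feb 2013".
    ver=$(printf '%s\n' "$line" | awk '$1 == "OpenSSL" { print $2 }')
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    ver=${ver%-fips}            # some vendor builds report "1.0.1e-fips"

    case "$ver" in
        1.0.1|1.0.1[abcdef]) ;;          # 1.0.1g carries the fix
        1.0.2-beta|1.0.2-beta1) ;;       # beta1 assumed affected: the fix shipped in beta2
        *) echo outside-affected-range; return 0 ;;
    esac

    # A build compiled with -DOPENSSL_NO_HEARTBEATS contains no heartbeat code.
    case "$flags" in
        *-DOPENSSL_NO_HEARTBEATS*) echo heartbeat-disabled; return 0 ;;
    esac
    echo in-affected-range
}

# Constructed sample lines (not captured from real hosts).
for sample in "OpenSSL 1.0.1e 11 Feb 2013" "OpenSSL 1.0.1g 7 Apr 2014" \
              "OpenSSL 1.0.1e-fips 11 Feb 2013" "OpenSSL 0.9.8y 5 Feb 2013"; do
    printf '%-34s %s\n' "$sample" "$(heartbleed_status "$sample")"
done

# On a live host:
#   heartbleed_status "$(openssl version)" "$(openssl version -a | grep '^compiler:')"
# Distribution packages often backport the fix without changing the version
# string, so treat "in-affected-range" as "check the package changelog".
```

Services that link OpenSSL keep the old library in memory until they are restarted, so the version reported on disk after an update does not by itself show that running processes are fixed.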
Only use these workarounds if you cannot upgrade to the latest version of OpenSSL. If you are unable to upgrade to the latest OpenSSL version, do one of the following:
First, you need to rekey and reissue your certificates, which you do by creating a new key pair and Certificate Signing Request (CSR). To replace your certificate, do the following:
1. Log in to your account via https://secure.comodo.com
2. Click on SSL Certificates
3. Find the certificate you would like to replace/re-issue and click Replace
4. Follow all on-screen instructions.
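The new key pair and CSR mentioned above can be produced with the `openssl` command line. The following is an added example, not part of the original article or Comodo's documented procedure; the function names, file names and the 2048-bit RSA choice are assumptions. It also checks that the CSR does not reuse the public key of the certificate being replaced, since a reissued certificate on the old key would still be tied to a key that may have leaked.

```shell
#!/bin/sh
# Added example: rekey after patching. Run this only once OpenSSL has been
# updated, otherwise the new private key sits in the same leaky process memory.

# new_key_and_csr COMMON_NAME KEY_OUT CSR_OUT
new_key_and_csr() {
    (
        umask 077    # private key file readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/CN=$1" -keyout "$2" -out "$3" 2>/dev/null
    )
}

# csr_is_rekeyed OLD_CERT NEW_CSR
# Returns 0 if the CSR carries a different public key from the old certificate,
# 1 if the key was reused, 2 if either file could not be parsed.
csr_is_rekeyed() {
    old_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    new_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$old_pub" ] && [ -n "$new_pub" ] || return 2
    [ "$old_pub" != "$new_pub" ]
}

# Usage as a script: ./rekey.sh old.crt www.example.test
if [ "$#" -eq 2 ]; then
    new_key_and_csr "$2" new.key new.csr || exit 2
    if csr_is_rekeyed "$1" new.csr; then
        echo "new.csr carries a fresh key; submit it for reissuance"
    else
        echo "new.csr reuses the old key or could not be checked" >&2
        exit 1
    fi
fi
```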
Once you have successfully replaced your certificate, you need to revoke the old one. To do this, log into your account as before, click ‘SSL certificate’, locate the *old* certificate order and click the ‘Revoke’ link.
Again, don’t hesitate to contact firstname.lastname@example.org if you need help with this.