In a fresh blow to the fundamental integrity of the internet, a hacker last week obtained legitimate web certificates that would have allowed him to impersonate some of the top sites on the internet, including the login pages used by Google, Microsoft and Yahoo e-mail customers.
The hacker, whose March 15 attack was traced to an IP address in Iran, compromised a partner account at the respected certificate authority Comodo Group, which he used to request eight SSL certificates for six domains: mail.google.com,
www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com.
more here:
http://www.wired.com/threatlevel/201...do-compromise/