Mozilla says sorry, Iranian claims credit for Comodo certificate hack

SOFTWARE OUTFIT Mozilla apologised for a bad call over an incident where secure sockets layer (SSL) certificates were compromised, while an Iranian hacker claimed responsibility.

In a blog post, Mozilla said that it did not publish information it received about fraudulent SSL certificates before releasing a patch to its Firefox web browser against the problem.

Last week, Comodo admitted that a hacker acquired fake SSL certificates after stealing the username and password of a "trusted partner".

Mozilla said, "In hindsight, while it was made in good faith, this was the wrong decision. We should have informed web users more quickly about the threat and the potential mitigations as well as their side-effects."

Meanwhile, in a message posted on hacker upload site Pastebin, a 21-year old Iranian programmer claimed responsibility for the attack.

Comodo initially believed that the attack was the work of the Iranian government, but "Comodo Hacker" bragged that he was responsible and said that there will be more attacks to come.

Insecurity experts have said that the work could easily have been done by a single hacker. Robert Graham of Errata Security said that the general details of the hack outlined by the Iranian were correct, and that he found the post credible. µ