Ich Sun is back, claiming the #MostSophisticatedHackOfAllTime

You may have read my comodogate article back in March where I reported that the comodogate hacker, going by the name Ich Sun told me “…there is a lot of vulnerable CAs, I got some other stuff”. Well, in the last 24 hours he claims to have been responsible for the DigiNotar compromise and a few minutes ago provided another update; in these updates he reveals that as a 21 year old Iranian, he has compromised another 4 certificate authorities (CAs) as well as reverse engineered windows update (update your windows here). What do these hacks do? He can impersonate any secure website he wishes, which includes impersonating google and gmail which has already been seen in the wild using these certificates. The certificate authority model that secures the internet as we know it today will change as a result of this, so it has some serious impact.

What can you do?

If you’re on twitter, I’ve found the most interesting discussion on the topic between Kevin S McArthur, Moxie Marlinspike and Marsh Ray, although it’s fairly technical in nature due to the complexity of this attack. Otherwise, stay tuned here for updates, or ask us your questions.