Blog for hpHosts, and whatever else I feel like writing about ....

Sunday, 12 July 2009

Comodo and the ongoing trust saga

Several issues were brought to light about Comodo over the past lord knows how long, and the latest incident, as with many before it, concern their SSL certs. In this case, Melih's defense is that these are DV certs, and thus do not require "validation" as to the identity of the person obtaining such - this might be the case, but when your tag line is "Creating Trust Online", your defense should NOT be to try and slag off those bringing such to light, or telling them to get in touch with someone else to get this sorted out - IT IS YOUR COMPANY, YOUR CERTIFICATES - YOUR PROBLEM!

If DV certs do not require validation as to the identity or anything else, of the person obtaining such, there's a simple solution - STOP PROVIDING THEM!. Surely you have a choice as to the type of certificate you can issue?

Even if you are forced to offer DV certs, you still have a responsibility to monitor the use of such, and if you don't have the staff to do so, then either hire more staff or STOP ISSUING CERTIFICATES UNTIL YOU HAVE THE INFRASTRUCTURE TO PROPERLY MONITOR SUCH!.

As far as HopSurf, I really couldn't care less who owns it or who developed it - Comodo is alledgedly a security company, again, the tag line comes into play here - Creating Trust Online. Lets see how NOT to create trust shall we?

1. Thou shalt require those installing HopSurf be over 18
2. Thou shalt ensure the toolbar is PRE-TICKED

Yep, great way to create trust there ....

Requiring those installing HopSurf be over 18 implies that the content it provides, is of an adult nature and thus, unsuitable for minors - you do not restrict the ages of those installing your other products, and more importantly (and why I have to point this out AGAIN is beyond me), YOU ARE A SECURITY COMPANY, YOU HAVE NO BUSINESS BEING INVOLVED IN ADULT ONLY CONTENT!!!

References:

Is Comodo President/CEO a Liar? You Decide
http://securitygarden.blogspot.com/2009/07/is-comodo-presidentceo-liar-you-decide.html

Here we go again..
http://forums.comodo.com/empty-t42573.0.html;msg288724;topicseen

Parents, beware of Comodo firewall
http://securitygarden.blogspot.com/2009/07/parents-beware-of-comodo-firewall.html

Comodo continues to damage it's reputation
http://msmvps.com/blogs/hostsnews/archive/2009/07/10/1699205.aspx

Comodo STILL supporting the criminal fraternity (the bad guys)
http://hphosts.blogspot.com/2009/07/comodo-still-supporting-criminal.html

No comments: