Serious Discussion Comodo forum hacked?

harlan4096

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
9,036
1740256989892.png

 
  • +Reputation
  • Like
Reactions: Dave Russo, ErzCrz, piquiteco and 4 others
Chuck57

Chuck57

Level 13
Verified
Top Poster
Well-known
Oct 22, 2018
607
I just tried to go to the Comodo forum and no luck.
I'm still hanging with Comodo firewall, but I'm starting to think that Portmaster may be the future, as far as my laptop is concerned. I can't help but wonder if something isn't going on at Comodo, and not for the better.
 
Last edited:
  • Like
  • Wow
Reactions: New_Style_xd, Dave Russo, piquiteco and 1 other person
bazang

bazang

Level 12
Jul 3, 2024
551
Zero Knowledge said:
I don't think he cares to be honest especially these days, I'm starting to think he a figment of our imagination!
Click to expand...
Comodo software has always been the Owner's ideological pet projects. Melih never intended any of his software pet projects to ever generate any profit. So he has never maintained the software and the infrastructure as an Owner who was dependent upon revenue from it.

It is astonishing that like 99.9% of the people on security forums do not or cannot or will not make the connection between software/infrastructure revenue and software/infrastructure quality (both code and service & maintenance thereof).

Mostly it is people who are disgruntled about bugs and all the various other issues because they believe that even it is free then it should be bug free. The ignorant argument goes something like this "Melih created it and made it zero cost (free) and therefore because people can download it and install it on their systems he is ethically, morally, and socially obligated to spend whatever money necessary out of his own personal pocket to make it the same quality as other free AV."

Uhm. No. Just No.

Does anyone here realize that the Comodo company does not pay for the development & maintenance of CIS or CFW? Melih supports directly - by spending his own personal money - out of his own pocket to keep the entire CIS/CFW effort free and alive. The sum of money required is not trivial and he has stated that he will never be willing to spend the amount of money required to make the product a refined one.

The best thing that Melih can do is just to stop producing any software. Get rid of the entire Comodo infrastructure supporting CIS and CFW. But, you know, he won't. Because he is really stubborn and every day that a single person downloads and installs CIS or CFW he believes his anti-AV industry ideology is proven. To a large extent he has proven both himself and his anti-AV industry ideology to be correct.
 
piquiteco

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
630
I also see the same thing when I access the Comodo forum: my connection is not private and it's still in red, not secure..😞
Kubernetes Ingress Controller Fake Certificate
 
  • Like
Reactions: simmerskool
bazang

bazang

Level 12
Jul 3, 2024
551
piquiteco said:
I also see the same thing when I access the Comodo forum: my connection is not private and it's still in red, not secure..😞
Kubernetes Ingress Controller Fake Certificate
Click to expand...
The certificate is not fake. This is a known issue with Kubernetes and can be fixed. But, you know, there are people here claiming that the Comodo forum has been hacked and a fake certificate placed onto the site. Typical social media reactionaries.

github.com

Ingress nginx controller showing Kubernetes Fake certificate when the ingress is properly configured with SSL certificate · Issue #8414 · kubernetes/ingress-nginx

NGINX Ingress controller version (exec into the pod and run nginx-ingress-controller --version.): Release: v1.1.1 Build: a17181e Kubernetes version (use kubectl version):v1.21.9 Environment: Cloud ...
github.com github.com
 
piquiteco

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
630
harlan4096 said:
View attachment 287531
Click to expand...
Kaspersky's products are good at identifying fake certificates. Many people don't like the fact that AV products manipulate certificates, and I completely agree, but Kaspersky can tell with millimeter precision whether a certificate is fake or tampered with, and I think that's incredible.
 
  • Like
Reactions: Moonhorse, brambedkar59, Jonny Quest and 2 others
bazang

bazang

Level 12
Jul 3, 2024
551
piquiteco said:
Kaspersky's products are good at identifying fake certificates. Many people don't like the fact that AV products manipulate certificates, and I completely agree, but Kaspersky can tell with millimeter precision whether a certificate is fake or tampered with, and I think that's incredible.
Click to expand...
The certificate is not fake. Nobody modified or tampered with the Comodo forum website certificate. It is a known issue with Kubernetes that has been reported many times.

discuss.kubernetes.io

Your connection is not private(Kubernetes Ingress Controller Fake Certificate)

Hello everyone, I"m trying to understand a strange issue with my site being loading on the initial deployment or any update service type LB or ingress controller and then throwing a SSL error after a minute or so due to a Kubernetes Ingress Controller Fake Certificate I have service Type LB...
discuss.kubernetes.io discuss.kubernetes.io

learn.microsoft.com

Kubernetes NGINX ingress doesn't send the right certificate during SSL handshake - Microsoft Q&A

Greetings. I have two dockerized applications accessible through an ingress controller nginx on an AKS Cluster. Both of my applications are coded with Java SPRING. One of my application have to access the other one through SSL and so make an SSL…
learn.microsoft.com

github.com

Ingress not using TLS-supplied crt/key, instead using fake Kubernetes Ingress Controller Fake Certificate · Issue #4979 · kubernetes/ingress-nginx

NGINX Ingress controller version: 0.27.1, but have also tried with additional releases. Kubernetes version (use kubectl version): 1.15.9 Environment: Cloud provider or hardware configuration: local...
github.com github.com



stackoverflow.com

SSL Certificate added but shows "Kubernetes Ingress controller fake certificate"

I am new to GCP/Cloud, and I have created a cluster in GKE and deployed our application there, installed nginx as a pod in the cluster, our company has a authorized SSL certificate which I have upl...
stackoverflow.com stackoverflow.com

Literally hundreds of other links are available via a 10 second Google search.
 
ErzCrz

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,296
Annoying to see yet another certificate issue. I'm sure it wasn't that long ago (October or November) when there was the same issue. I think it took them a couple of months just to fix the software certificate, I wonder how long it will take to fix the website one. Usually these things are pretty quick. We'll just see...
 
  • Like
  • HaHa
Reactions: New_Style_xd and simmerskool
bazang

bazang

Level 12
Jul 3, 2024
551
TairikuOkami said:
Comodo's certificates, hacker's best friends. Still, how can ACME Co certificate be fake, when it's quality is guaranteed?!

View attachment 287534 View attachment 287536 View attachment 287533
Click to expand...
I am pretty sure that Melih was bored one night and to pass the time he deliberately misconfigured Comodo forum's Kubernetes to troll MT members.

Melih is also known as (AKA) "The Acme Troll."

ACME CO is the Kubernetes default value:

# Create self-signed crt/key pair. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "/CN=ACME CO" # base64-encode this data, and stuff it into a K8S TLS secret.

echo | openssl s_client -showcerts -servername acme:443 -connect acme:443 2>/dev/null | openssl x509 -inform pem -noout -text Certificate: Data: Version: 3 (0x2) Serial Number: 0a:2a:7b:52:02:51:fe:7d:ff:ad:65:ea:41:8a:95:44 Signature Algorithm: sha256WithRSAEncryption Issuer: O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate Validity Not Before: Jan 28 15:27:33 2020 GMT Not After : Jan 27 15:27:33 2021 GMT Subject: O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus:
 
Last edited:
  • Like
Reactions: simmerskool
P

Pico

Level 6
Feb 6, 2023
272
bazang said:
Comodo: "This is a demonstration of Comodo's superior ability to prevent people from accessing harmful online content."
Click to expand...
The 404 error is a screenshot taken when trying to access Comodo's forum and ignoring the certificate issue.
Yeah Comodo is right, Comodo's forum contains harmful content. :ROFLMAO:
 
Chuck57

Chuck57

Level 13
Verified
Top Poster
Well-known
Oct 22, 2018
607
Xcitium forums are accessible but it wouldn't take an hour to read every post there. I've talked myself into Portmaster (free). I done some reading here and on other sites and haven't seen anything negative. Plus, they're partnering with IVPN which ought to be a plus.
 
  • Like
Reactions: simmerskool, ErzCrz and Jonny Quest

Similar threads

R
    • Like
    • +Reputation
Serious Discussion Comodo Containment "Restricted" Restriction Level
Replies
24
Views
2,630
Comodo
rashmi
R
vitao
    • Like
    • Applause
Kaspersky Antivirus Free + Comodo Firewall Test Against 100 New Malwares (10/2024)
Replies
5
Views
938
Comodo
vitao
vitao
tofargone
    • Like
  • Locked
Question Give me an unbiased opinion please. Concerning Containment and CS
Replies
140
Views
8,133
Comodo
cartaphilus
cartaphilus

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top