On Sun, 28 Jul 2019 00:06:38 +0200
Ángel via dev-security-policy <[email protected]>
wrote:

> A set of credentials mistakenly exposed in a public GitHub repository
> owned by a Comodo software developer allowed access to internal Comodo
> documents stored in OneDrive and SharePoint:
> 
> https://techcrunch.com/2019/07/27/comodo-password-access-data/
> 
> 
> It doesn't seem that it affected the certificate issuance system, but
> it's an ugly security incident nevertheless.

What was once the Comodo CA is named Sectigo these days, so conveniently
for us this makes it possible to simply ask whether the incident
affected Sectigo at all:

- Does Sectigo in practice share systems with Comodo such that this
  account would have access to Sectigo internal materials?

In passing it's probably a good time to remind all programme
participants that Multi-factor Authentication, as well as being
mandatory for some elements of the CA function itself (BR 6.5.1), is a
best practice for any security sensitive business like yours to be using
across ordinary business functions in 2019. Don't let embarrassing
incidents like this happen to you.

Nick.



_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
