Nick, Ángel,
        Sectigo is not affected by this incident.

https://sectigo.com/blog/attention-journalists-and-researchers-dont-confuse-comodo-with-sectigo

Regards
Robin Alden
Sectigo Limited

> -----Original Message-----
> From: Nick Lamb via dev-security-policy
> Sent: 27 July 2019 23:42
>
> On Sun, 28 Jul 2019 00:06:38 +0200
> Ángel via dev-security-policy <dev-security-policy@lists.mozilla.org>
> wrote:
>
> > A set of credentials mistakenly exposed in a public GitHub repository
> > owned by a Comodo software developer allowed access to internal
> > Comodo documents stored in OneDrive and SharePoint:
> >
> > https://techcrunch.com/2019/07/27/comodo-password-access-data/
> >
> >
> > It doesn't seem that it affected the certificate issuance system, but
> > it's an ugly security incident nevertheless.
>
> What was once the Comodo CA is named Sectigo these days, so conveniently
> for us this makes it possible to simply ask whether the incident
> affected Sectigo at all:
>
> - Does Sectigo in practice share systems with Comodo such that this
>   account would have access to Sectigo internal materials?
>
> In passing it's probably a good time to remind all programme
> participants that Multi-factor Authentication as well as being
> mandatory for some elements of the CA function itself (BR 6.5.1), is a
> best practice for any security sensitive business like yours to be using
> across ordinary business functions in 2019. Don't let embarrassing
> incidents like this happen to you.
>
> Nick.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
