Nick, Ángel, Sectigo is not affected by this incident. https://sectigo.com/blog/attention-journalists-and-researchers-dont-confuse-comodo-with-sectigo
Regards Robin Alden Sectigo Limited > -----Original Message----- > From: Nick Lamb via dev-security-policy > Sent: 27 July 2019 23:42 > > On Sun, 28 Jul 2019 00:06:38 +0200 > Ángel via dev-security-policy <dev-security-policy@lists.mozilla.org> > wrote: > > > A set of credentials mistakenly exposed in a public GitHub repository > > owned by a Comodo software developer allowed access to internal > Comodo > > documents stored in OneDrive and SharePoint: > > > > https://techcrunch.com/2019/07/27/comodo-password-access-data/ > > > > > > It doesn't seem that it affected the certificate issuance system, but > > it's an ugly security incident nevertheless. > > What was once the Comodo CA is named Sectigo these days, so conveniently > for us this makes it possible to simply ask whether the incident > affected Sectigo at all: > > - Does Sectigo in practice share systems with Comodo such that this > account would have access to Sectigo internal materials ? > > In passing it's probably a good time to remind all programme > participants that Multi-factor Authentication as well as being > mandatory for some elements of the CA function itself (BR 6.5.1), is a > best practice for any security sensitive business like yours to be using > across ordinary business functions in 2019. Don't let embarrassing > incidents like this happen to you. > > Nick. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy