Digital certificate issuances surge in the wake of Heartbleed
Comodo Group, Inc. said it has issued tens of thousands of new digital certificates following the Heartbleed bug that jeopardized Internet users' data.
Comodo is a privately held group of companies based in New Jersey that provides computer software and Secure Sockets Layer (SSL) digital certificates. It issues the digital certificates that encrypt traffic between users and a Web service and protect users from spying by third parties.
Robin Alden, Comodo's chief technology officer, said Comodo has seen a huge uptick in requests for new digital certificates from website operators in just over a day.
"The last couple of days, we've seen replacement rates running at somewhere between 10 to 12 times the normal rate than we were replacing a week ago," Alden said. "That's obviously fallout from this."
The surge comes after the disclosure last week of the Heartbleed bug in an open-source software package called OpenSSL that is widely used in operating systems, routers and networking equipment.
Experts say the flaw could allow an attacker to obtain the private key for an SSL certificate. Using that private key, an attacker could create a fake website with an SSL certificate that passes the verification test indicated by a browser's padlock.
An attacker can also use Heartbleed to extract sensitive data in large 64K chunks from a Web server. This data can include login information from users who recently used the service.
Experts said the Heartbleed vulnerability in OpenSSL affects over 500,000 websites using digital certificates issued by trusted certificate authorities. It is unknown whether cybercriminals or state-sponsored hackers were exploiting the flaw prior to its disclosure last week, since the attacks do not leave traces in server logs.