ocsp.comodoca.com blocklisted (by Comodo itself)
Update: Looks like Comodo fixed its classification of the site in an updated report [2]. The site still shows one suspicious scan, but the overall status is "safe". McAfee classifies the site as "minimal risk" but the history still shows a red high risk for web reputation as of today/yesterday. [3]
---
A couple of readers have noticed that "ocsp.comodoca.com" has been labeled as "suspicious" and as distributing malware for the last couple of days. In particular, Comodo's own site inspector service has been identifying the URL as suspect. [1]
OCSP (Online Certificate Status Protocol) is a newer web service that allows clients to check whether an SSL certificate has been revoked. The older standard, CRL (Certificate Revocation List), required that browsers download the entire list. With OCSP, it is possible to query the status of an individual certificate. The certificate has to have the URL for the respective CRL or OCSP service embedded.
Many browsers will accept a certificate even if the OCSP service does not respond. They will only mark it as invalid if the OCSP service responds with a result marking the certificate as revoked. However, for Extended Validation (EV) certificates, browsers tend to be stricter and require a positive OCSP response.
ocsp.comodoca.com appears to be the valid OCSP URL for Comodo. For example, the certificate used for https://www.comodo.com uses this particular OCSP URL. https://isc.sans.edu uses a Comodo-based certificate ("Usertrust") as well, and the OCSP URL used for our certificate, ocsp.usertrust.com, appears to be affected.
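As an added example (not part of the original diary): the OCSP URL lives in the certificate's Authority Information Access extension, and the Python below parses that extension's DER value and reports responders whose host a web filter would block. The sample bytes, the `http://` scheme, the `ca.example.test` host and all function names are constructed for illustration.

```python
# Added example: pull OCSP responder URLs out of a DER-encoded Authority
# Information Access (AIA) extension value. Sample bytes are constructed.
from urllib.parse import urlparse

OID_OCSP = bytes.fromhex("2b06010505073001")        # id-ad-ocsp 1.3.6.1.5.5.7.48.1
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # id-ad-caIssuers

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def ocsp_urls(aia_der):
    """OCSP URLs in an AuthorityInfoAccessSyntax (SEQUENCE OF AccessDescription)."""
    tag, body, _ = read_tlv(aia_der, 0)
    if tag != 0x30:
        raise ValueError("AIA value must be a SEQUENCE")
    urls, pos = [], 0
    while pos < len(body):
        _, desc, pos = read_tlv(body, pos)
        m_tag, method, nxt = read_tlv(desc, 0)
        l_tag, location, _ = read_tlv(desc, nxt)
        # 0x06 = OBJECT IDENTIFIER, 0x86 = GeneralName [6] uniformResourceIdentifier
        if m_tag == 0x06 and method == OID_OCSP and l_tag == 0x86:
            urls.append(location.decode("ascii"))
    return urls

def blocked_responders(aia_der, blocklist):
    """OCSP URLs whose host appears on a web-filter blocklist (hypothetical input)."""
    return [u for u in ocsp_urls(aia_der) if urlparse(u).hostname in blocklist]

def _tlv(tag, value):  # short-form builder, used only for the constructed sample
    return bytes([tag, len(value)]) + value

# Constructed AIA value: one caIssuers entry (placeholder host) and one OCSP entry.
SAMPLE_AIA = _tlv(0x30,
    _tlv(0x30, _tlv(0x06, OID_CA_ISSUERS) + _tlv(0x86, b"http://ca.example.test/issuer.crt"))
    + _tlv(0x30, _tlv(0x06, OID_OCSP) + _tlv(0x86, b"http://ocsp.comodoca.com")))

if __name__ == "__main__":
    print(blocked_responders(SAMPLE_AIA, {"ocsp.comodoca.com"}))
```

Run against the certificates a site actually serves, a non-empty result means the filter rule cuts clients off from revocation checking for that site.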
[1] http://siteinspector.comodo.com/public/reports/4753361
[2] http://siteinspector.comodo.com/public/reports/4779683
[3] http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=178.255.83.1
Also a good article about this in Dutch can be found here: http://www.security.nl/artikel/42063/1/McAfee_blocks_ocsp.usertrust.com_%28178.255.83.1%29.html
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute