Major Insecurity in Comodo’s “Secure” Browser
Like a doctor’s hippocratic oath, a security tool’s first duty is to do no harm.
In an advisory published today, a Google engineer has pointed out that the security firm’s Comodo suite of tools to stay safe online actually exposes users to possible attacks.
Any browser running naked on a desktop is a huge security issue, putting the entire system at risk of compromise. Comodo has done worse by introducing changes to DNS and other policies and settings which can disable or bypass corporate security systems.
This is not the first time Comodo has actually sabotaged browser security. Last year they were found to be adding an SSL man-in-the-middle to intercept and decrypt secure web pages. Even with the best of intentions this can easily introduce additional vulnerabilities.
The Google research report is here.