Friday, March 25, 2011

High school worker suspended after she's outed as a porn star

Samantha Ardente worked as an administrator in a Quebec secondary school. (Facebook)

LEVIS, Que. — A high school clerical worker who moonlights as a porn star had her cover blown when a student asked her for an autograph after he recognized her from a blue movie.

The woman, known by the stage name Samantha Ardente, has been suspended without pay while Etchemins High School near Quebec City decides whether the star of Serial Abusers 2 will keep her day job.

“It’s a first in our history,” school board spokeswoman Louise Boisvert told QMI Agency. “Even if she didn’t work directly with the students, we have to evaluate the impact that this story will have on her, on the students and on the staff.”

The administrative employee was recently confronted by a student who had seen one of her films. She refused his request for an autograph and told him to keep quiet about her double life. He instead told his friends and word eventually got back to the administration.

A teacher at the school says the news of the clerical worker's secret second job dropped like a bomb at the school of 1,400 students.

“What she did was inappropriate,” said the teacher, who refused to give his name. “But it’s not illegal, either. So we told the students that there’s no place for that (situation) here and we’ll see what happens next.”

The porn star will remain on suspension for two weeks while the school board decides her fate.

Meanwhile, the producer who hired Ardente told QMI Agency he had warned her about the potential risks to her reputation.

“She was very nervous,” said Nicolas Lafleur, owner of Pegas Productions. “She didn’t want to lose her job and I don’t think she told everyone, so it wasn’t easy for her.”

Lafleur has set up a Facebook page for Ardente where people have expressed their support.

Source: http://www.lfpress.com/news/canada/2011/03/24/17738816.html#/news/canada/2011/03/24/pf-17738816.html

Thursday, March 24, 2011

Hacker in Iran obtains web certificates that would enable spoofing of Yahoo, Google & other top sites

In a fresh blow to the fundamental integrity of the internet, a hacker last week obtained legitimate web certificates that would have allowed him to impersonate some of the top sites on the internet, including the login pages used by Google, Microsoft and Yahoo e-mail customers.

The hacker, whose March 15 attack was traced to an IP address in Iran, compromised a partner account at the respected certificate authority Comodo Group, which he used to request eight SSL certificates for six domains: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com.

The certificates would have allowed the attacker to craft fake pages that would have been accepted by browsers as the legitimate websites. The certificates would have been most useful as part of an attack that redirected traffic intended for Skype, Google and Yahoo to a machine under the attacker’s control. Such an attack can range from small-scale Wi-Fi spoofing at a coffee shop all the way to global hijacking of internet routes.

At a minimum, the attacker would then be able to steal login credentials from anyone who entered a username and password into the fake page, or perform a “man in the middle” attack to eavesdrop on the user’s session.

Comodo CEO Melih Abdulhayoglu calls the breach the certificate authority’s version of the Sept. 11 terror attacks.

“Our own planes are being used against us in the C.A. [certificate authority] world,” Abdulhayoglu told Threat Level in an interview. “We have to up the bar and react to these new threat models. This untrusted DNS infrastructure cannot be what drives the internet going forward. If DNS was trusted, none of this would have been an issue.”

Comodo says the attacker was well prepared, and appeared to have a list of targets at the ready when he logged into the company’s system and began requesting certificates.

In addition to the bogus certificates, the attacker created a ninth certificate for a domain of his own under the name “Global Trustee,” according to Abdulhayoglu.

Abdulhayoglu says the attack has all the markings of a state-sponsored intrusion rather than a criminal attack.

“We deal with [cybercriminals] all day long,” he said. But “there are zero footprints of cybercriminals here.”

“If you look at all these domains, every single one of them are communications-related,” he continued. “My personal opinion is that someone is trying to read people’s e-mail communications. [But] the only way for this attack to work [on a large scale] is if you have access to the DNS infrastructure. The certificates on their own are no use, unless they have access to the DNS infrastructure itself, which a state would.”

Though he acknowledges that the attack could have originated anywhere, and been routed through Iranian servers as a proxy, he says Iranian president Mahmoud Ahmadinejad’s regime is the obvious suspect.

Of the nine fraudulent certificates the hacker requested, only one — for Yahoo — was found to be active. Abdulhayoglu said Comodo tracked it because the attackers had tried to test the certificate using a second Iranian IP address.

All of the fraudulent certificates have since been revoked, and Mozilla, Google and Microsoft have issued updates to their Firefox, Chrome and Internet Explorer browsers to block any websites from using the fraudulent certificates.

Comodo came clean about the breach this week, after security researcher Jacob Appelbaum noticed the updates to Chrome and Firefox and began poking around. Mozilla persuaded Appelbaum to withhold public disclosure of the information until the situation with the certificates could be resolved, which he agreed to do.

Abdulhayoglu told Threat Level that his company first learned of the breach from the partner that was compromised.

The attacker had compromised the username and password of a registration authority, or R.A., in southern Europe that had been a Comodo Trusted Partner for five or six years, he said. Registration authorities are entities that are authorized to issue certificates after conducting a due-diligence check to determine that the person or entity seeking the certificate is legitimate.

“We have certain checks and balances that alerted the R.A. [about the breach], which brought it to our attention,” he said. “Within hours we were alerted to it, and within hours we revoked everything.”

It’s not the first time that the integrity of web certificates has come into question.

Security researcher Moxie Marlinspike showed in 2009 how a vulnerability in the way that web certificates are issued by authorities and authenticated by web browsers would allow an attacker to impersonate any trusted website with a legitimately issued certificate.

Source: http://www.wired.com/threatlevel/2011/03/comodo-compromise/