Released on: May 21, 2008, 8:49 am

Press Release Author: Comodo Group

Industry: Computers

Press Release Summary: Comodo issues security advisory on Debian vulnerability flaw,
confirming that while Comodo Certificates are unaffected, some certificates created
using Debian Distribution are vulnerable which is why Comodo is offering free
replacement services for affected SSL certificates - regardless of original
certificate provider

Press Release Body: Jersey City, NJ (May 21, 2008) - Comodo, a global leader in
Identity and Trust Assurance Management solutions, announced today that it would
offer free SSL certificates to any online businesses affected by the security flaw
recently detected in Debian - the LINUX distribution. While Comodo stressed that the
SSL certificates it issued are not vulnerable (it is the private keys generated by
the users that may be vulnerable), it is offering assistance to Comodo customers as
well as to anyone using a competitive SSL certificate from VeriSign or others by
offering a new SSL certificate free of charge.

The security flaw (discovered last week) affects OpenSSL in Debian versions of the
Linux operating system. The security flaw allows brute forcing of vulnerable keys
and could lead to a compromise of secure communications using the keys. To support
and assist affected merchants in their efforts to remedy the problem, Comodo is
offering free replacement certificates for any certificate that may have been
compromised, even if the original certificate was provided by another company.

Affected users are advised to replace their certificates in order to ensure the
security of their sensitive data including passwords, financial accounts, credit
card numbers, and identities. Comodo customers can log into their accounts and
replace their certificates with a new CSR (Certificate Signing Request). Customers
should update the OpenSSL package to the latest version, create a new CSR and key
pair then proceed to replace the affected certificate. Non Comodo customers can
visit: http://www.instantssl.com ssl-
certificate-support/debian/ssl-certificate-contact.html to get the free certificate.
Other security information regarding this vulnerability can be viewed at;
http://lists.debian.org/debian-security-announce/2008/msg00152.html

\"We are making this offer for a free replacement SSL certificate to any affected
business, regardless of their original provider because we recognize that SSL
certificates are a pivotal foundation of a trusted Internet,\" said Melih
Abdulhayoglu, CEO and Chief Security Architect of Comodo. \"SSL certificates working
properly are essential to the success of online commerce, and we are giving free
certificates as an incentive to encourage immediate remedial action. Our free offer
is intended to remove any barriers from businesses needing to correct these
certificates.\"

More information can be obtained at Comodo\'s Knowledge Base at;
https://support.comodo.com/index.php? _m=knowledgebase&_a=viewarticle&kbarticleid=1177
About Comodo

The Comodo companies provide the infrastructure that is essential in enabling
e-merchants, other Internet-connected companies, software companies, and individual
consumers to interact and conduct business via the Internet safely and securely. The
Comodo companies offer PKI SSL, Code Signing, Content Verification and E-Mail
Certificates; award winning PC security software; vulnerability scanning services
for PCI Compliance; secure e-mail and fax services.

Continual innovation, a core competence in PKI, and a commitment to reversing the
growth of Internet-crime distinguish the Comodo companies as vital players in the
Internet\'s ongoing development. Comodo secures and authenticates online transactions
and communications for over 200,000 business customers and 3,000,000 users of our
desktop security products.

For additional information on Comodo - Creating Trust OnlineT visit
http://www.comodo.com

For more information, reporters and analysts may contact:
Judy Shapiro
Comodo
+1 (201) 963-9471
Email: judy.shapiro@comodo.com

Web Site: http://www.comodo.com

Contact Details: +1 888 266 6361
media-relations@comodo.com