[Donna]

joe53, on Jul 5 2009, 01:15 PM, said:

I see where Melih claims:

"There are ill intentioned people out there who are spreading lies saying that hopsurf is IAC/ASK toolbar..."

http://forums.comodo...05342#msg305342

The duplicity in this statement is astounding. If it looks like a duck, walks like a duck, and quacks like a duck ... it's a duck!

Strangest CEO I've ever seen.

hayc59, on Jul 5 2009, 05:18 PM, said:

Melih, is starting to believe himself!! LOL
and you have to love his troopers
http://www.wildersse...p;postcount=119

hhhmm Josh wrote at that link in Wilders forums:

Quote

On this malware issue, Comodo revoke anyone misusing Comodo digital certs period. Just once the reporting failed and Comodo were delayed in revoking a misused cert, and all this issue about false statements about how Comodo does sell to certs to malware sites is about us being slow in one incident. Digital Cert misuse happens, will continue to happen. Just like many other misuses we have in the world. I believe Comodo have a pretty decent system for revocation and and they do improve it.

It seems he failed to read what Melih said last time regarding this malware/cert issue. Melih was pointing fingers and denying the report (and even question the ethics MVP Mike Burgess). Not to mention that he is not willing to stop selling the said cert even if it's obvious rogue because if they stop or restrict, they will lose from rivals. The rivals have good method though than them that can prevent malware/rogue domains to misuse the cert in trying to get some trust from potential victims.

And oh... it's not 'slow one incident'. If we'll read the previous posts in this thread... we'll see how they continue to allow a new domain name from the same rogue/malware domain owner even after this incident that he is saying as "one incident".

I can't believe we're dealing with this type of security team. What a team they have

[mvdu]

This HopSurf thing is really shady IMO. It was done to look like they listened to their users, while ask.com is still the search engine. How can they disavow the search as part of the toolbar? As far as I'm concerned, this move is even worse than what they had before due to the deception.

[Donna]

Note that other applications have added Ask.com as search provider but:

1. Not as "one and only search provider" in the program.
2. Easy to remove because nothing is installed - not a component or part of the program. Just hit remove and the search provider is gone. Nothing is added in the registry or no changes is made in the system.
3. EULA does not contain Ask/IAC terms which means end-users need not to worry about privacy if they will not use it or if they will remove any search providers

The above 3 items does not apply to programs with Ask Toolbar or toolbar that was developed in partnership with IAC/Ask. We got not problem of any vendors partnering with whoever toolbar or search as long as the company they partnered does not have privacy/security issues and do not have spyware related business. People keep saying 'others have toolbar by Yahoo, Google, Live etc'... what they missed is.. what does the end-user gets when using the what you call ... shady (while others call it 'suspect' and then some call it as 'risk - PUPs, adware/spyware/malware') application/partnership.

So yes, they continue to mislead their customers or free users.

[Donna]

New blog entry by MVP Mike Burgess:

Comodo continues to damage it's reputation
http://msmvps.com/bl...10/1699205.aspx

[hayc59]

Donna, on Jul 10 2009, 05:22 PM, said:

New blog entry by MVP Mike Burgess:

Comodo continues to damage it's reputation
http://msmvps.com/bl...10/1699205.aspx

That is just a mind blower...security software.....phitttttt!!

[Data]

Comodo started a reporting thread: submit Malware files that have a Code Signing Certificate
It's in the offtopic section, which would be appropriate considering...

[Philip Brampton]

I used to use Comodo but just recently it had caused many problems so i uninstalled it and now use Avira and the Windows Firewall which work very well together.
I have been following the certificates story for some time and was very concerned with what i had read.That in it's self was almost enough for me to dump Comodo so the other problems were a good excuse.
I would like to know more about these certificates.
Could somebody kindly tell me in simple English what exactly certificates are and what they do and how does Comodo make money from them
I would like to make a fair judgement about Comodo because it is basically a good product so i don't understand why Comodo needed to get involved.
Thanks and Regards

[hayc59]

Philip, Hello if you have the time and I know there are alot
of pages on this issue, you will find everything you need
to know about the cerificates in question that Comodo/Melih
is/are involved with here in this thread. Gordon

[mvdu]

Melih's attacks on Donna are getting really ridiculous! See here:

http://forums.comodo...n-t42573.0.html

What is Melih doing to change things where DV certs are concerned?
Where is the reporting system and other checks that his security team could put in place? Why do they allow the same people twice?

[ColdinCbus]

mvdu, on Jul 12 2009, 01:23 PM, said:

Melih's attacks on Donna are getting really ridiculous! See here:

http://forums.comodo...n-t42573.0.html

What is Melih doing to change things where DV certs are concerned?
Where is the reporting system and other checks that his security team could put in place? Why do they allow the same people twice?

I wounder why they are mentioning Donna. She not even attached to either of the sites they have posted in that thread.

And the threat by a mod to hack a site is a little disturbing.

[Charlie]

ColdinCbus, on Jul 12 2009, 12:37 PM, said:

And the threat by a mod to hack a site is a little disturbing.

And should be dealt with through the law enforcement.

[mvdu]

ColdinCbus, on Jul 12 2009, 05:37 PM, said:

mvdu, on Jul 12 2009, 01:23 PM, said:

Melih's attacks on Donna are getting really ridiculous! See here:

http://forums.comodo...n-t42573.0.html

What is Melih doing to change things where DV certs are concerned?
Where is the reporting system and other checks that his security team could put in place? Why do they allow the same people twice?

I wounder why they are mentioning Donna. She not even attached to either of the sites they have posted in that thread.

And the threat by a mod to hack a site is a little disturbing.

Seems as though Donna is just his name for anyone who posts something against Comodo. I find both Melih and that threat to be disturbing.

[Charlie]

mvdu, on Jul 12 2009, 01:12 PM, said:

Seems as though Donna is just his name for anyone who posts something against Comodo. I find both Melih and that threat to be disturbing.

And Comodo is the code name for his authorization 'MALWARE' software

I just see the name 'comodo' on the web anymore and I instantly want to do a malware search

[Donna]

Philip Brampton, on Jul 11 2009, 09:00 AM, said:

I would like to know more about these certificates.
Could somebody kindly tell me in simple English what exactly certificates are and what they do and how does Comodo make money from them
I would like to make a fair judgement about Comodo because it is basically a good product so i don't understand why Comodo needed to get involved.
Thanks and Regards

Hi Philip,

There are several type of certificates issued by several cert vendors. You will need to visit their website to know exactly what certs they are offering but to make it short: If you want to gain 'trust' from potential buyers and offer a 'secure' a connection because you have a store/shop page in your site because you are accepting credit card payments... you'll likely get a certificate issued by cert vendors. If you want to secure/encrpt your email, you will likely get email cert. And many other certs are offered:
http://www.godaddy.c...ssl.asp?ci=8979
http://www.instantss...cate-index.html
http://www.verisign.com/

A scenario: The malware/rogue domain requested for standard or free certificate. The vendor will verify the domain. Not the owner. If the cert issuer have good method to check whether the site is rogue/malware domain or associated with malware/rogue business, the cert issuer will not issue the cert or will revoke it soon if the cert has been issued already.

The problem with Comodo certs: Many malware/rogue domains are using the free or trial cert by Comodo. They attended by revoking the issued cert by them on malware/rogue domains on previous reports while some they did not. The incident on this thread is that Comodo did not attend on the report. When it was published publicly, they deny the report but later admit that there is a report but was buried down. Iit is maybe true that it was buried down or maybe not true (who knows?). Now, if Comodo's certificate issuer team and malware research team is doing their job to create trust and provide security... they should be very careful in issuing whatever cert to anyone. Other cert vendors should be careful to issue cert too. The problem is that we are seeing many malware/rogue domains continue to use Comodo cert. They are depending on 'reports' instead of doing their job because they are likely to lose from their rival cert vendors if they don't issue a cert as fast as the can. So to issue cert as fast as they could.. they just issue it (whether you're malware/rogue domain or not). If someone report, they will revoke? Why the need to wait for someone to become a victim that they just bought rogue antispyware from a site carrying Comodo cert? Note that some people thinks with "lock" icon in the broser means the site/online store/payment page is to trust. If Comodo or others did not issue the free/trial/standard cert, there won't be lock or https connection. That will prevent people to trusting the page but sorry.... Comodo seems not interested to do what they claim.. creating trust online.

Next:

1. A domain owner will request for free or trial certificate from Comodo or other cert vendors. Example: url.com want to sell antispyware, he need cert so he can use https:// protocol which is secure protocol. That is to start to create 'trust' that the connection to the said domain carrying the cert is 'secure' but it does mean you can trust the site because it's not carrying another type of cert which is the extended validation (to check the person, the company, the installer etc...)
2. Comodo and other cert vendors issues the cert for free or trial or for a fee.

The above is how Comodo and others make money from domain owners.

[Data]

Donna is high profile, and has a respected position. Melih isn't, and doesn't. I reckon he sees her as his weakest "opponent". He is using her as a scapegoat.
As long as he can keep the focus on Donna, it's off him. Though that's only relevant on his own board, since nobody else, apart from his own members are falling for it. IMO.

[Donna]

mvdu, on Jul 12 2009, 09:23 AM, said:

Melih's attacks on Donna are getting really ridiculous! See here:

http://forums.comodo...n-t42573.0.html

What is Melih doing to change things where DV certs are concerned?
Where is the reporting system and other checks that his security team could put in place? Why do they allow the same people twice?

I think Melih is a very confused person himself. That's all I can say about his post. I'm not confused. I'm not even bothered about his desktop product because I don't use it but I am and most of us here are concern on his services and software because it is victimizing people and misleading end-users.

As to what that Toggie (a mod) said.. where did he post? He's not a member here. If he's referring to other blog.. then he's another person that is confused

Many people are blogging and writing about Comodo service/products and the Comodo team and Melih are so confused now.

They better see another: http://hphosts.blogs...trust-saga.html
And why don't they go to http://www.thetechhe...empt-legitimacy to see also another? They'll be really confuse and they will call all these entries as "donna's" entries. Not big deal because I share the same opinion with this respected people but it is better if they credit who did the blog or article or analysis or research. It's not me all the time. I voiced only and also look into it and share my thoughts and provide screenshot too LOL

Edit to add: As to Josh post inviting me to go to their forum - why should I go there to explain? I have nothing to explain because I'm not the one who have to explain something.

[hayc59]

Nice Mods at that forum!! seems we hit a major artery
and they are bleeding out!! oh and the threats...bring it on
**see image

This post has been edited by hayc59: 12 July 2009 - 09:36 PM

[Donna]

Thanks Steven for another blog:

Quote

Not content with Melih's blaming MS MVP, Donna Buenaventura for a blog posting by someone else, one of Melih's moderators have gone one step further and posted;

"We should hack her site and post the truth"

Let me make this VERY clear Melih, and I suggest your staff take note. Whether meant seriously or not, this kind of behaviour from self claimed "professionals" working for an alledged, legit security company, are NOT going to do you any favours - quite the opposite.

http://hphosts.blogs...ase-oh-and.html

[MysteryFCM]

I don't have the energy to register for the forums just to tell him that he's STILL making the mistake of accusing Donna of something someone else wrote ....

http://forums.comodo...09029#msg309029

I also don't have the enery to register to tell him that, and tell him that what Mike wrote was accurate, not "lies" as he put it.

I'll just wait and see how long it takes him to realise ....

[Triple Helix]

Now I know why I cancelled my membership over at the Comodo forums 3 months ago and since BOClean is no longer alive!!

Lots of fud over there ROFLMAO

Daniel