The SSL security hacking attack revealed last week may have been worse than first thought, after Comodo said that two more associate companies were hit.
Comodo chief technical officer Robin Alden said in a posting on mozilla.dev.security.policy that two more of the company's associate sites had been hacked in similar attacks to the original.
In these cases no fake certificates were issued before the attacks were detected and shut down.
In the wake of the attacks Comodo is beefing up its security to deal with new threats against the SSL infrastructure, he said.
"We are implementing IP address restriction and hardware-based two-factor authentication," wrote Alden.
"The rollout of two-factor tokens is in progress but will take another couple of weeks to complete. Until that process is complete Comodo will review 100 per cent of all validation work before issuing any certificate."
While the effects of the break-in have been limited owing to fast action by browser manufacturers and others, the case has raised serious questions about the state of security for SSL issuing bodies.
"What we are seeing here is a further example of a fundamental problem with SSL," Peter Eckersley, senior staff technologist for the Electronic Frontier Foundation (EFF), told V3.co.uk. "There are just too many points of failure in the system."
Eckersley explained that research by the EFF had shown that there are 1,500 certification systems controlled by 650 different organisations. Trying to defend one organisation is hard enough, he said, but doing the same for 650 is a recipe for disaster.
The EFF is working on a browser plug-in that checks SSL certification of sites against a database run by the Tor Project. While not perfect, it would provide a real measure of protection against such attacks. The final code should be released this year.
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago
A nuclear strike has been considered, but Bruce Willis is nowhere in sight
Spray-on antenna could enable seamless integration of antennas with everyday objects
Parker Solar Probe, TESS and GOLD missions will deliver exciting data, claims NASA