The hacker allegedly responsible for stealing digital certificates from Comodo has said that further certificate authorities may have been hacked.
In an email interview, the hacker going by the name Sun Ich said "maybe there is more CAs involved", but would not elaborate, saying only that it is the decision of affected authorities to come forward. There are hundreds of certificate authorities (CAs) around the world, responsible for authorising digital certificates that determine which websites browsers can trust. CAs use registration authorities to administer certificates.
The alleged lone Iranian hacker made headlines after he broke into one of Comodo's registration authorities InstantSSL.it and obtained nine fraudulent digital certificates for the likes of Gmail, Microsoft Live, Mozilla and Skype. He posted the private key to the Mozilla certificate as proof of the attacks.
For more on this story, read Comodo attacker hints at more CA hacks on ZDNet Australia.