Sectigo Blog

The term IoT means a lot of things to a lot of people. To consumers, it may be about smart refrigerators, and to heating and cooling installers, IoT may mean connected thermostats.

The term has been around a long time, as evidenced by industrial controllers that have been remotely managed for decades. The commonalities are network connectivity and some level of constraint – such as a lack of direct human interaction – which differentiate IoT devices from smartphones and PCs.

I am pleased to announce that Comodo CA has officially changed its name to Sectigo. This name change communicates that Sectigo is a separate operating entity, and since its separation from its predecessor Comodo Group in 2017, will be an essential element of ensuring that both companies can continue to conduct business without market confusion.

We are proud to announce that Computing Magazine has named our IoT PKI Manager one of three finalists for its esteemed 2018 Security Excellence Awards in the IoT Security Solution category, along with British Telecom and SaltDNA.

At the end of September 2018, the Governor of California signed country's first Internet of Things (IoT) security law, calling for reasonable security features. This is the first cybersecurity bill governing IoT devices, making California the first state in the country to establish formal legislation.

Blogger Troy Hunt recently published a long missive in criticism of Extended Validation SSL, which includes a number of criticisms aimed at the Comodo brand in particular. Since the CA spun out of the larger Comodo Group, Inc. late last year we have been aggressively investigating all aspects of the business to identify where changes are required and to plan and implement them.

On September 11, 2018, a cybersecurity firm reported that it uncovered malicious code injected into the British Airways website, indicating that the hackers in the recent British Airways supply chain phishing attack made use of an increasingly common tactic of using large websites to embed pieces of code from third-party suppliers.

On September 6, 2018 The Register published an article describing how a team of academic security researchers successfully demonstrated that they could use a variant of DNS poisoning to obtain a Domain Validation (DV) certificate for a target domain they did not own.