- I got a lot of messages and responses with different ideas and I thought it's time to response all of them:
- a) "He (referring to me) is so self proud and bluffs about RSA", etc.
- Yes, maybe I wrote too much good words about myself, but none of them was wrong. Just I was too happy about my work, maybe I wrote more than what I should.
- About RSA. Some people who have no idea about encryption and encryption protocols says that it's all wrong, I'm lying, it's impossible, etc.
- I should say that about last 6 years of my life had been spent on encryption and cryptanalysis, I cryptanalysis all type of encryption algorithms, I don't want to talk about details of research and my work, just know that when people in blackhat presented A5/1 rainbow table, that was too funny for me, such huge database with problem of frequency hopping remaining unresolved, means nothing. A5/1 could be broken easier with solution to frequency hopping in so reasonable time. Just in addition I should say, I program for ARM and AVR processors. Find it's relation and get what you should get. Forget it if you don't understand relation. There is really much more to say on my cryptanalysis work, but there is no use as more updates will come to corrupt my work.
- Anyway, yes, you are right I didn't broke RSA, but I'm in it's way, current algorithm I own (for integer factorization) is far far faster than others like Pollard's. I just don't focus on integer factoring, also I work on cryptanalysis RSA itself, yes, I didn't found a way YET, but even if find I won't publish it, just I'll use it. I hope RSA stuff keep close after this comment.
- b) "If he already broke UltraSurf or TOR, why he was looking for breaking RSA or stealing certificates?"
- - Good point, even if you break UltraSurf or TOR, you can't intercept HTTPS traffic without them.
- c) "Comodo hack was so easy, Italian reseller was insecure, hack was nothing, it's trivial, simple hack, ..." etc.
- - First of all, for some people, if you split the moon in the half, it's nothing, they'll say you are a good magician, that's all, like what people said to our Prophet when he actually did it.
- Anyway, for whom who is not like people I mentioned above, it's not so simple hack, it took me time, I hacked a lot of resellers, but I found out that most of CAs verify customers in their own way. After a lot of research and talking as a customer to CAs, I found out there is possible potential in Comodo, I saw resellers can't verify customers, but Comodo partners can, I hacked so much Comodo reseller account, but all of them was not able to use ApplySSL API. They was able to use only OrderSSL API (I learned these stuff after I owned instantssl.it) Anyway... From listed resellers of Comodo, I owned 3 of them, not only Italian one, but I interested more in Italian brach because they had too many codes, works, domains, (globaltrust, cybertech, instantssl, etc.) so I thought they are more tied with Comodo.
- After breach in insantssl.it, as you know default IIS configuration doesn't let you to do so much thing, getting SYSTEM (highest level in windows OS, like root in *nix) shell from that server with all updates installed and AVG Anti-Virus wasn't easy.
- After that I even installed keylogger on their server and I was monitoring administrators who logged in, keylogger was mine which bypasses all AV and Firewalls (including Kaspersky heuristic engine to Comodo Internet Security). So do not try to make it look simple.
- d) He's connected to somewhere, he's not alone, he's not 21 years old, he's not from Iran, his english is good, his english is bad, ..........
- - You don't deserve an actual answer, just I repeat, I'm from Iran, acting alone, work and research on cryptography daily, I don't care ideas about my english. That's all
- At the end, I want to say my message to world leaders with problems with Iran and Iranian people:
- 1) So counted green movement people in Iran isn't most of Iran, so when Obama says I'm with Iranian young community, I should say as Iranian young simply I hate you and I'm not with you, at least 90% of youngs in Iran will tell you same thing, it's not my sentence. But you have bad advisors, they report you wrong details, maybe you would think better if you have better advisors.
- 2) To Ashton and others who do their best to stop Iranian nuclear program, to Israel who send terrorist to my country to terror my country's nuclear scientist (http://www.presstv.com/detail/153576.html), these type of works would not help you, you even can't stop me, there is a lot of more computer scientist in Iran, when you don't hear about our works inside Iran, that's simple, we don't share our findings as there is no use for us about sharing, so don't think Iran is so simple country, behind today's technology, you are far stronger then them, etc.
- Iran will do it's job about nuclear program, as it's simple right of each nation. Instead of struggling and obeying a fake regime's orders 22,072 km area (sum of area of some cities in Iran) and 63 years back, join Iranian people with 1000s years of civilization. Only loser of this fight is you.
- If a person in my age reached this level of expertise and knowledge keep the rest of olders and scientist in different areas like Physics, Chemistry, Math and Technology.
- Let's have a better world by not obeying 63 years old fake regime. That's all I have to share with you right now.
- Anyone interested in talk? Contact me at: ichsun [at sign goes here] ymail [put a dot here] com
Response to comments from ComodoHacker
ComodoHacker Mar 29th, 2011 19,238 Never
RAW Paste Data