Xcitium
{{Short description|Software company in United Kingdom}}
{{mi|
{{advert|date=July 2024}}
{{excessive detail|date=January 2025}}
{{too many sections|date=January 2025}}
{{Unreliable sources|date=January 2025}}
}}
{{Use dmy dates|date=June 2019}}
{{Infobox company
| name = Xcitium
| logo =
| logo_size =
| type = Private
| industry = Computer software
| foundation = United Kingdom
({{Start date and age|df=yes|1998}})
| hq_location_city = Bloomfield, New Jersey
| hq_location_country = United States
| area_served = Worldwide
| key_people = Melih Abdulhayoğlu (President and Chairman)
| num_employees = 1,200+{{Citation needed|date=February 2018}}
| homepage = {{URL|https://www.xcitium.com/}}
}}
Xcitium (formerly Comodo Security Solutions Inc.) is a cybersecurity company, including Zero Trust cybersecurity, based in Bloomfield, New Jersey, United States.{{cite news|url=https://www.nasdaq.com/press-release/comodo-security-solutions-rebrands-to-xcitium-2022-07-07|title=Comodo Security Solutions Rebrands to Xcitium|date=7 July 2022|access-date=7 July 2022|newspaper=nasdaq}} In 2022, the company rebranded as Xcitium.{{Cite web |last=Fernando |first=Chris |date=2022-07-07 |title=Comodo Security Solutions Rebrands to Xcitium |url=https://securityreviewmag.com/?p=24490 |access-date=2025-06-10 |language=en-US}}
History
The company was founded in 1998 in the United Kingdom{{cite news|url=http://www.thetelegraphandargus.co.uk/news/11449076.Global_internet_security_firm_s_Bradford_roots/|title=How US entrepreneur's global internet security firm started life in Bradford|date=3 September 2014|access-date=3 September 2014|newspaper=Telegraph & Argus}} by Melih Abdulhayoğlu. The company relocated to the United States in 2004. Its products are focused on computer and internet security. The firm operates a certificate authority that issues SSL certificates. The company also helped set standards by contributing to the IETF (Internet Engineering Task Force) DNS Certification Authority Authorization (CAA) Resource Record.{{cite web|url=https://tools.ietf.org/html/rfc6844|title=DNS Certification Authority Authorization – Comodo |year=2013 |doi=10.17487/RFC6844 |access-date=14 January 2013|last1=Hallam-Baker |first1=P. |last2=Stradling |first2=R. |s2cid=46132708 |doi-access=free}}
In October 2017, Francisco Partners acquired Comodo Certification Authority (Comodo CA) from Comodo Security Solutions, Inc. Francisco Partners rebranded Comodo CA in November 2018 to Sectigo.{{Cite web|url=https://www.securityweek.com/francisco-partners-acquires-comodo-ca|title=Comodo Sells Certificate Business to Private Equity Firm |website=SecurityWeek.com|date=31 October 2017 |access-date=2019-10-29}}{{Cite web|url=https://www.enterprisetimes.co.uk/2018/11/02/comodo-ca-becomes-sectigo-and-expands-to-cover-iot/|title=Comodo CA becomes Sectigo and expands to cover IoT |last=Murphy|first=Ian|date=2018-11-02|website=Enterprise Times|language=en-GB|access-date=2019-11-21}}
On June 28, 2018, the new organization announced that it was expanding from TLS/SSL certificates into IoT security with the announcement of its IoT device security platform.{{Cite web|url=https://betanews.com/2018/06/28/comodo-iot-security/|title=Comodo CA launches IoT security platform|date=2018-06-28|website=BetaNews|language=en|access-date=2019-10-29}} The company announced its new headquarters in Roseland, New Jersey on July 3, 2018{{Cite web|url=https://njbiz.com/comodo-ca-global-hq-coming-to-roseland/|title=Comodo CA global HQ coming to Roseland|last=Perry|first=Jessica|date=2018-07-03|website=NJBIZ|language=en-US|access-date=2019-10-29}} and its acquisition of CodeGuard, a website maintenance and disaster recovery company, on August 16, 2018.{{Cite web|url=https://www.crn.com/news/security/comodo-ca-buys-website-disaster-recovery-startup-codeguard|title=Comodo CA Buys Website Disaster Recovery Startup CodeGuard|last=Novinson|first=Michael|date=2018-08-16|website=CRN|access-date=2019-10-29}}
Industry affiliations
Comodo is a member of the following industry organizations:
- Certificate Authority Security Council (CASC): In February 2013, Comodo became a founding member of this industry advocacy organization dedicated to addressing industry issues and educating the public on internet security.{{cite web|url=http://www.networkworld.com/news/2013/021413-council-digital-certificate-266728.html |title=Multivendor power council formed to address digital certificate issues |author=Ellen Messmer |date=14 February 2013 |work=Network World |url-status=dead |archive-url=https://web.archive.org/web/20130728114851/http://www.networkworld.com/news/2013/021413-council-digital-certificate-266728.html |archive-date=28 July 2013 }}{{cite web|url=http://www.darkreading.com/authentication/167901072/security/news/240148546/major-certificate-authorities-unite-in-the-name-of-ssl-security.html|title=Authentication Security News, Analysis, Discussion, & Community|work=Darkreading.com|access-date=30 March 2015|url-status=dead|archive-url=https://archive.today/20130410174711/http://www.darkreading.com/authentication/167901072/security/news/240148546/major-certificate-authorities-unite-in-the-name-of-ssl-security.html|archive-date=10 April 2013}}
- Common Computing Security Standards Forum (CCSF): In 2009 Comodo was a founding member of the CCSF, an industry organization that promotes industry standards that protect end users. Comodo CEO Melih Abdulhayoğlu is considered the founder of the CCSF.{{cite web|url=http://www.securitypark.co.uk/|title=SecurityPark|access-date=30 March 2015|archive-url=https://web.archive.org/web/20150402184331/http://www.securitypark.co.uk/|archive-date=2 April 2015|url-status=dead}}
- CA/Browser Forum: In 2005, Comodo was a founding member of a new consortium of certificate authorities and web browser vendors dedicated to promoting industry standards and baseline requirements for internet security.{{cite web | url=https://www.cabforum.org/ | title=CA/Browser Forum|publisher=Cabforum.org | access-date=23 April 2013}}{{cite web | url=http://docbox.etsi.org/workshop/2012/201201_CA_DAY/5_Wilson_CAB-Forum.pdf | title=CA/Browser Forum History | last = Wilson | first = Wilson | publisher = DigiCert | access-date=23 April 2013}} Melih Abdulhayoğlu invited top browser providers and certification authorities to a round table to discuss the creation of a central authority responsible for delivering digital certificate issuance best practice guidelines.{{cite web|url=https://cabforum.org/pipermail/public/attachments/20150511/65e05471/attachment.pdf|title=Industry Round Table May 17th 2005 – New York|access-date=17 May 2005}}
Products
Controversies
=Certificate hacking {{anchor|2011 breach incident}}=
On 23 March 2011, Comodo posted a report that 8 days earlier, on 15 March 2011, a user account with an affiliate registration authority had been compromised and was used to create a new user account that issued nine certificate signing requests.{{cite web|url=https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html |title=Report of incident on 15-MAR-2011: Update 31-MAR-2011 |publisher=Comodo group |access-date=24 March 2011 }} Nine certificates for seven domains were issued. The attack was traced to IP address 212.95.136.18, which originates in Tehran, Iran. Moxie Marlinspike analyzed the IP address on his website the next day and found it to have English localization and Windows operating system.{{Cite web|title=DEF CON 19 - Moxie Marlinspike - SSL And The Future Of Authenticity - YouTube|url=https://www.youtube.com/watch?v=UawS3_iuHoA |archive-url=https://ghostarchive.org/varchive/youtube/20211213/UawS3_iuHoA |archive-date=2021-12-13 |url-status=live|access-date=2021-01-13|website=www.youtube.com| date=2 November 2013 }}{{cbignore}} Though the firm initially reported that the breach was the result of a "state-driven attack", it subsequently stated that the origin of the attack may be the "result of an attacker attempting to lay a false trail.".{{cite web|title=The Recent RA Compromise|url=http://blog.comodo.com/it-security/data-security/the-recent-ca-compromise/|first=Phillip|last=Hallam-Baker|date=23 March 2011|access-date=24 March 2011|publisher=Comodo Blog}}{{Dead link|date=December 2023 |bot=InternetArchiveBot |fix-attempted=yes }}
Comodo revoked all of the bogus certificates shortly after the breach was discovered. Comodo also stated that it was actively looking into ways to improve the security of its affiliates.{{Cite news|url=https://www.bbc.com/news/technology-12847072 |title=Iran accused in 'dire' net security attack |work=BBC News |date=24 March 2011 |access-date=23 December 2016}}
In an update on 31 March 2011, Comodo stated that it detected and thwarted an intrusion into a reseller user account on 26 March 2011. The new controls implemented by Comodo following the incident on 15 March 2011, removed any risk of the fraudulent issue of certificates. Comodo believed the attack was from the same perpetrator as the incident on 15 March 2011.{{Cite web|url=https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html |title=Update 31-MAR-2011 |access-date=23 December 2016}}
In regards to this second incident, Comodo stated, "Our CA infrastructure was not compromised. Our keys in our HSMs were not compromised. No certificates have been fraudulently issued. The attempt to fraudulently access the certificate ordering platform to issue a certificate failed."{{Cite web|url=https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html |title=Update 31-Mar-2011 |access-date=23 December 2016}}
On 26 March 2011, a person under the username "ComodoHacker" verified that they were the attacker by posting the private keys online{{Cite web|url=https://blog.erratasec.com/2011/03/verifying-comodo-hackers-key.html|title=Verifying the Comodo Hacker's key|first=Robert|last=Graham}} and posted a series of messages detailing how poor Comodo's security is and bragging about their abilities.{{cite magazine|last=Bright|first=Peter|date=28 March 2011|title=Independent Iranian Hacker Claims Responsibility for Comodo Hack|magazine=Wired|format=WIRED|url=https://www.wired.com/threatlevel/2011/03/comodo_hack/|access-date=29 March 2011}}{{cite web|title=ComodoHacker's Pastebin|url=http://pastebin.com/u/ComodoHacker|date=5 March 2011|publisher=Pastebin.com|access-date=30 March 2015}}
As of 2016, all of the certificates remain revoked. Microsoft issued a security advisory and update to address the issue at the time of the event.{{cite web|title=Microsoft Security Advisory (2524375)|website=Microsoft |url=http://www.microsoft.com/technet/security/advisory/2524375.mspx|date=23 March 2011|access-date=24 March 2011|format=Microsoft}}{{cite web|title=Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing|url=http://support.microsoft.com/kb/2524375|date=23 March 2011|access-date=24 March 2011|work=Microsoft}}
= Certificates issued to known malware distributors =
In 2009 Microsoft MVP Michael Burgess accused Comodo of issuing digital certificates to known malware distributors.{{Cite web | url=https://www.cnet.com/forums/discussions/comodo-continue-to-to-issue-certificates-to-known-malware-343022/ | title=Comodo continue to to[sic] issue certificates to known Malware - May 2009 - Forums}} Comodo responded when notified and revoked the certificates in question, which were used to sign the known malware.{{Cite web|url=http://blogs.msmvps.com/donna/2009/05/18/microsoft-mvp-mike-burgess-respond-to-comodo-s-ceo-on-comodo-certificates-issued-to-malware-distributors/|title=Microsoft MVP Mike Burgess Responds To Comodo's CEO On Comodo Certificates Issued To Malware Distributors |access-date=23 December 2016}}
= Let's Encrypt trademark registration application =
In October 2015, Comodo applied for "Let's Encrypt", "Comodo Let's Encrypt", and "Let's Encrypt with Comodo" trademarks.{{Cite web|url=http://tsdr.uspto.gov/#caseNumber=86790719&caseType=SERIAL_NO&searchType=statusSearch|title=Trademark Status & Document Retrieval|website=tsdr.uspto.gov|access-date=23 June 2016}}{{Cite web|url=http://tsdr.uspto.gov/#caseNumber=86790789&caseType=SERIAL_NO&searchType=statusSearch|title=Trademark Status & Document Retrieval|website=tsdr.uspto.gov|access-date=23 June 2016}}{{Cite web|url=http://tsdr.uspto.gov/#caseNumber=86790812&caseType=SERIAL_NO&searchType=statusSearch|title=Trademark Status & Document Retrieval|website=tsdr.uspto.gov|access-date=23 June 2016}} These trademark applications were filed almost a year after the Internet Security Research Group, parent organization of Let's Encrypt, started using the name Let's Encrypt publicly in November 2014,{{Cite web|url=http://www.crn.com/news/cloud/300074840/lets-encrypt-a-free-and-automated-certificate-authority-comes-out-of-stealth-mode.htm|title=Let's Encrypt, A Free And Automated Certificate Authority, Comes Out Of Stealth Mode|last=Tsidulko |first=Joseph |website=CRN |date=19 November 2014|access-date=23 June 2016}} and despite the fact Comodo's "intent to use" trademark filings acknowledge that it has never used "Let's Encrypt" as a brand.
On 24 June 2016, Comodo publicly posted in its forum that it had filed for "express abandonment" of their trademark applications.{{Cite web|url=https://forums.comodo.com/general-discussion-off-topic-anything-and-everything/trademark-registration-t115968.0.html;msg837505#msg837505|title=Topic: Trademark registration|access-date=24 June 2016|archive-date=8 November 2020|archive-url=https://web.archive.org/web/20201108141457/https://forums.comodo.com/general-discussion-off-topic-anything-and-everything/trademark-registration-t115968.0.html;msg837505#msg837505|url-status=dead}}
Comodo's Chief Technical Officer Robin Alden said, "Comodo has filed for express abandonment of the trademark applications at this time instead of waiting and allowing them to lapse. Following collaboration between Let's Encrypt and Comodo, the trademark issue is now resolved and behind us, and we'd like to thank the Let's Encrypt team for helping to bring it to a resolution."{{Cite web|url=https://www.grahamcluley.com/comodo-stands-trademark-tussle-lets-encrypt/ |title=Comodo Stands Down From Trademark Tussle with Let's Encrypt |date=27 June 2016 |access-date=23 December 2016}}
See also
- Internet security
- Comparison of antivirus software
- Comparison of computer viruses
- Comparison of firewalls
{{Portalbar|Companies|United States}}
References
{{reflist}}
External links
- {{Official website}}
{{Authority control}}
Category:Software companies established in 1998
Category:Certificate authorities
Category:Computer security software companies
Category:International information technology consulting firms
Category:Software companies based in New Jersey
Category:Software companies of the United Kingdom
Category:1998 establishments in the United Kingdom
Category:Companies based in Essex County, New Jersey