Security software found using Superfish-style code, as attacks get simpler

  • February 23, 2015
  • 3 replies
  • 22 views

Jasper_The_Rasper
Moderator

Titles from security firms Lavasoft and Comodo leave users open to easier attacks.

by Dan Goodin - Feb 23, 2015
 
Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority.
 
Lavasoft and Comodo were added just as researchers were discovering simpler, more potent ways to exploit the vulnerabilities. Late last week came word that self-signed Secure Sockets Layer certificates installed by a company called Komodia caused most browsers to trust any self-signed certificate that used the same easily extracted private key. That was bad, but now, researchers have discovered vulnerabilities in the closely related proxy software of interception applications from Komodia and Comodo. The new insight makes it even easier for attackers to forge trusted credentials that impersonate Bank of America, Google, or any other HTTPS-protected destination on the Internet.
 
Full Article

Jasper_The_Rasper
Moderator
February 24, 2015  By Pierluigi Paganini
 
The experts from Facebook analyzed the number of SSL connections intercepted by Superfish for Windows clients worldwide. Richard explained that a strain of Trojan.Nurjax malware detected by experts at Symantec also uses the Komodia library.
http://securityaffairs.co/wordpress/wp-content/uploads/2015/02/Superfish-cerificates-diffusion.jpg
Richard confirmed that the same Komodia library was used by many other applications; the complete list of certificate issuers includes:
  • CartCrunch Israel LTD
  • WiredTools LTD
  • Say Media Group LTD
  • Over the Rainbow Tech
  • System Alerts
  • ArcadeGiant
  • Objectify Media Inc
  • Catalytix Web Services
  • OptimizerMonitor
 
Full Article

Rakanisheu Retired
Just as a footnote, all those apps were already bad in our database.

Jasper_The_Rasper
Moderator
Thank you for the feedback, Rakanisheu; that is great to know, although I had no doubts myself.