
EFF unearths evidence of possible Superfish-style attacks in the wild

  • February 26, 2015

Jasper_The_Rasper
Moderator

Crypto-busting apps may have been exploited against visitors of Google and dozens more.

by Dan Goodin - Feb 26, 2015
 
It's starting to look like Superfish and other software containing the same HTTPS-breaking code library may have posed more than a merely theoretical danger to Internet users. For the first time, researchers have uncovered evidence suggesting the critical weakness may have been exploited against real people visiting real sites, including Gmail, Amazon, eBay, Twitter, and Gpg4Win.org, to name just a few.
 
As Ars reported one week ago, ad-injecting software preinstalled on some Lenovo laptops caused most browsers to trust fraudulent secure sockets layer certificates. The software was called Superfish. In the coming days, security researchers unearthed more than a dozen other apps that posed the same threat. The common thread among all the titles was a code library provided by an Israel-based company called Komodia.
 
Full Article

1 reply

  • Community Guide
  • February 27, 2015

Posted on 26 February 2015.

When the issue of Lenovo's pre-installed SSL-breaking Superfish adware first gained widespread media recognition, the company's CTO Peter Hortensius tried to do some damage control and stated that the adware posed no security risk for users.

After being asked to comment on the fact that there is a huge disparity between this claim and that of security researchers saying that there are potential dangers created by the software's use, he dismissed their concerns as "theoretical."

"We have no insight that anything nefarious has occurred," he said at the time.

But, as the days went by, evidence backing security researchers' vision of things kept mounting, and Lenovo backtracked on those claims. It was discovered that Superfish is not the only app using the same SSL-busting code by Komodia, and that another piece of adware, Comodo's PrivDog, is even worse than Superfish, as it makes the browser accept every HTTPS certificate, whether it's been signed by a certificate authority or not.

Full article