Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys

Discussion in 'other security issues & news' started by ronjor, Feb 19, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    http://www.kb.cert.org/vuls/id/529496
     
  2. ronjor

    ronjor Global Moderator

    https://www.us-cert.gov/ncas/alerts/TA15-051A
     
  3. ronjor

    ronjor Global Moderator

    http://arstechnica.com/security/201...-superfish-style-code-as-attacks-get-simpler/
     
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    Bet this will turn up in other SSL-capable filtering proxies too. Yay security!
     
  5. 142395

    142395 Guest

    Clearly your prediction was right! ;)
     
  6. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    In a way, this is not unexpected. You cannot expect software to inspect your HTTPS communications for malware without decrypting it first... This is the main reason why I disagree with this approach and I never use proxies; I prefer to obtain security through other means than letting an application decrypt HTTPS over my head.
     
  7. geekatlarge

    geekatlarge Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    66
    Location:
    Searching for $Windows.~BT folders
    If this was brought up elsewhere, sorry for the repost. It gets even worse. Komodia apparently wrote a rootkit to prevent value modifications:
    https://www.techdirt.com/articles/2...s-really-really-bad-its-much-much-worse.shtml

    Can't get to Komodia's website right now, it's either DDOS'ed or overloaded - same difference, I guess. I went to the Internet Archive to confirm that Komodia brags about this "feature" called Komodia Watchdog on their main page:
    https://web.archive.org/web/20141221114018/http://www.komodia.com/

    Analysis here:
    https://gist.github.com/Wack0/f865ef369eb8c23ee028

    Seems to be included in Sendoria (above link) and Arcade Giant, OptimizerMonitor, SystemAlerts and other PUP/malware (link below):
    http://arstechnica.com/security/201...ened-lenovo-users-found-in-a-dozen-more-apps/
     
  8. ronjor

    ronjor Global Moderator

    https://www.us-cert.gov/ncas/alerts/TA15-051A
     