Adtrustmedia PrivDog fails to validate SSL certificates

Discussion in 'other security issues & news' started by ronjor, Feb 23, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    http://www.kb.cert.org/vuls/id/366544
     
  2. wallpapers

    wallpapers Registered Member

    Joined:
    Jun 15, 2012
    Posts:
    42
    Thread on comodo forums got deleted. lol. I hope they come up with an official announcement of how it is possible they messed up so bad.
     
  3. Oddo

    Oddo Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    12
    Location:
    Schweden
  4. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,526
    Location:
    USA - Back in a real State in time for a real Pres
  5. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,098
    Location:
    Hollow Earth - Telos
    I just tested Dragon Browser and passed that test.
     
  6. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    977
    Location:
    Paris
    This issue was only found on directly downloaded PrivDog 3.0.96.0 and 97 beta versions from the PrivDog website. It's a pity that the original posters of this issue weren't that specific with their allegations.
    So in actuality:

    1). If you happened to accept the optional PrivDog installation in version 7 of either CIS or CF- Not affected

    2). If you are using the older Comodo Dragon Browser- Not affected

    3). If you are using the newer Comodo Chromodo browser- Not affected

    4). If you are using the current version 8 builds of Comodo Internet Security or Comodo Firewall- No applicable (PrivDog no longer an option).

    And I am sure in a day or so a new version of Standalone PrivDog will be available to rectify this bug.
     
  7. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,098
    Location:
    Hollow Earth - Telos
    PrivDog is bundled with some products from Comodo, like Comodo Internet Security as well as its Chromodo, Dragon and IceDragon browsers. However, it seems that these products include PrivDog version 2, which lacks the HTTPS proxy functionality, and thus does not expose users to man-in-the-middle attacks.

    The PrivDog version that exposes users to man-in-the-middle attacks is version 3, which is available to download as a stand-alone application and which supports a large number of browsers including Google Chrome, Mozilla Firefox and Internet Explorer, according to security researcher Filippo Valsorda, who’s online HTTPS test was updated to account for it....http://www.pcworld.com/article/2887...-tool-privdog-compromises-https-security.html
     
  8. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    977
    Location:
    Paris
    Certainly took long enough for the story to be updated. Maybe a bit of fact checking prior to the initial libelous drivel would have been more appropriate (but perhaps I expect too much).
    .
     
  9. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I never trusted this piece of software, but even I would, right now that trust would be forever lost.
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    That's not all folks!

    PrivDog wants to protect your privacy - by sending data home in clear text
    https://blog.hboeck.de/archives/866...ivacy-by-sending-data-home-in-clear-text.html
     
  11. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
Loading...