Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys

Discussion in 'other security issues & news' started by ronjor, Feb 19, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    http://www.kb.cert.org/vuls/id/529496
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    https://www.us-cert.gov/ncas/alerts/TA15-051A
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    http://arstechnica.com/security/201...-superfish-style-code-as-attacks-get-simpler/
     
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Bet this will turn up in other SSL-capable filtering proxies too. Yay security!
     
  5. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Clearly your prediction was right! ;)
     
  6. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    In a way, this is not unexpected. You cannot expect software to inspect your HTTPS communications for malware without decrypting it first... This is the main reason why I disagree with this approach and I never use proxies; I prefer to obtain security through other means than letting an application decrypt HTTPS over my head.
     
  7. geekatlarge

    geekatlarge Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    66
    Location:
    Searching for $Windows.~BT folders
    If this was brought up elsewhere, sorry for the repost. It gets even worse. Komodia apparently wrote a rootkit to prevent value modifications:
    https://www.techdirt.com/articles/2...s-really-really-bad-its-much-much-worse.shtml

    Can't get to Komodia's website right now, it's either DDOS'ed or overloaded - same difference, I guess. I went to the Internet Archive to confirm that Komodia brags about this "feature" called Komodia Watchdog on their main page:
    https://web.archive.org/web/20141221114018/http://www.komodia.com/

    Analysis here:
    https://gist.github.com/Wack0/f865ef369eb8c23ee028

    Seems to be included in Sendoria (above link) and Arcade Giant, OptimizerMonitor, SystemAlerts and other PUP/malware (link below):
    http://arstechnica.com/security/201...ened-lenovo-users-found-in-a-dozen-more-apps/
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    https://www.us-cert.gov/ncas/alerts/TA15-051A
     