Discussion in 'malware problems & news' started by SweX, Feb 19, 2015.
The test has been updated again: https://filippo.io/Badfish/
It's worthwhile reading Filippo Valsorda on Twitter.
(Comodo has pulled PrivDog off their server).
I'm wondering whether there are similar vulnerabilities in MitM-based enterprise monitoring systems.
And the result is still no.
Still stunned by this face-palmingly stoopid business decision - it's beyond my comprehension.
Wondering if they thought it would never be discovered.
A five-star rated self-smear.
Ofc that depends on each enterprise, but maybe many of them would have at least 1 or 2 of the problems. (just a guess)
Thanks! I was not impressed by the Comodo staff's reply to Sanya at all. Does he think Sanya and all the other lurkers don't understand the TLS thing? I can't help saying his replies are almost a joke!
And these are their quite defensive excuses.
Although the PrivDog issue itself is bad, I lost more trust because of their attitude.
There should be tips already posted how to verify if you've been affected. Alternating to another browser is not the solution.
This test is one step -
If you suspect you have an affected Lenovo machine - run the automated removal tool listed in this official Lenovo SuperFish removal document.
The *LOL-Lenovo* debacle continues -
Apparently having Firefox browser would have prevented this problem for many people. Correct? Using Firefox or a similar browser could prevent this problem from happening in the future. Using a browser that does not allow this vulnerability would be a way to help avoid this problem from happening in the future for people who actually install new programs from time to time. No?
Anyway, back to the original question: does Pale Moon offer the same protection?
What is Superfish and does ESET protect me from it?
KB Solution ID: SOLN3663 | Last Revised: February 24, 2015
For more information, please see ESET Solution Article SOLN3663
If the EFF found tens of thousands of Superfish MitM certificates in the SSL Observatory, why didn't HTTPS Everywhere warn before?
I assume that anyone with a Lenovo system that has been infected with Superfish needs to do a lot more than just remove Visual Discovery and delete the root certificate for Superfish in Windows and FF. What about user backups? What about the Lenovo Recovery partition with the factory OEM install on it? Also, if I remember correctly, Lenovo recommends that you create a system recovery CD/DVD of the bare bones OEM OS (I think you are allowed to only do this once). I have read that Lenovo users are insisting that there is no opt out option on the OEM OS for VD and that Superfish is showing as running in the task manager.
One can't enable the "check certificates that are signed by non-standard root CAs" option when they use those MITM proxies, so does this have something to do with there being no alert? Anyway, if they detected a potential MITM, they should warn the user.
I guess I just assumed that behaviour was default, since they apparently collect that information.
I spoke too soon, it seems that setting is OFF by default.
So it won't warn the user when a local program like Superfish or Kaspersky MITMs traffic.
While this is good for those who want to use such a program or who are in a controlled corporate network, it also means they're not protected from this kind of MITM.
But they could find "certificates that Komodia should have rejected, but which it ended up causing browsers to accept" from the Observatory, so maybe they should add an option so that, even if that setting is not checked, HTTPS-EW still warns the user about a potentially dangerous cert. It would complement those MITM proxies' weakness, though basically strict cert checking should be done by the MITM proxy itself.
Zemana's protection does not work for Firefox, it has its own certificate store.
Yes, that would be nice.
Issues fix to remove crapware's certificate from the browser's repository
Connecticut Attorney General's office launches Lenovo-Superfish probe
The Corporate crapware bundling fiasco that keeps on ticking like the Every Ready Space Bunny.
"Lenovo.com was hijacked and email communications were intercepted by hackers just days after the company admitted to installing dangerous adware on many of its computers before shipping them to unsuspecting customers.
“Unfortunately, Lenovo has been the victim of a cyber-attack. One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects,” the company said in a statement to Ars Technica."
I'm not sure what protection you're talking about, and why you think Firefox protects against this even in the future. Am I missing something?
Firefox was also affected by Superfish, so they released a hotfix, and AFAIK there's no advantage Firefox has against this type of vuln except that it uses its own cert store, which is actually not much of an advantage.
I thought that Superfish couldn't add its fake cert to Firefox cert store.
Two weeks on, Superfish debacle still causing pain for some Lenovo customers