Slashdot Mirror


Superfish Security Certificate Password Cracked, Creating New Attack Vector

In a follow-up to today's news about junk software included with Lenovo computers, an anonymous reader writes: Robert Graham at Errata Security has published an article announcing his success in extracting the SuperFish self-signed security certificate from the adware which has caused Chinese computer manufacturer Lenovo such embarrassment in the last day. Since SuperFish is already capable of carrying out man-in-the-middle attacks over secure connections on the Lenovo machines which use the certificate, the disclosure of the certificate's password presents hackers with 'a pre-installed hacking environment' which would be difficult to arrange by other means. The password, "komodia," is also the name of the Komodia Redirector framework, which allows its clients to manipulate TCP/IP network sessions "with a few simple clicks."


  1. Re:who uses stock os? by davidwr · Score: 3, Informative

    legitimate question: what slashdotter still uses the stock OS on a laptop they purchase?

    If by "OS" you mean the factory-installed crypto-signed firmware/bootloader/OS stack which can't be changed without keys the end-user doesn't have, then the answer is "probably more than we would like to think."

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  2. Re:Soo soo tired..... by execthis · Score: 5, Informative

    I was setting up a PC for a friend yesterday and needed to install a popular shareware archival app that has been recognized as the best in its category and has never been bundled with any crap.

    I opened up Firefox and typed the name in the search bar which had Yahoo set as the default search provider - as Firefox have notably done recently. I clicked on the first link that appeared, which for all intents and purposes appeared to be the link from the actual creator of said application.

    But in fact it was not. It was some sleazebag site which basically bundles a load of crapware into the installer. Even when I carefully unselected all the crapware it was trying to proffer, it still installed a PUP IE addon that Malwarebytes picked up. In short, Yahoo has descended to the level of pushing shady companies which install malware on people's computers and hijack the installers of legitimate shareware products. And Firefox have descended to making this company (Yahoo) their default search provider.

    This is total shit. The model of the Internet as some kind of enhanced TV experience which tracks everything people do and targets and infiltrates them has got to stop.

    You are totally right in seeing that there is no qualitative difference between what corporations are doing, what governments are doing, and what scammers are doing. We have moved from an age of true innovation to one of scamming. Hence why banking and investment are so big.