Superfish Security Certificate Password Cracked, Creating New Attack Vector

In a followup to today's news about junk software included with Lenovo computers, an anonymous reader writes Robert Graham at Errata Security has published an article announcing his success in extracting the SuperFish self-signed security certificate from the adware which has caused Chinese computer manufacturer Lenovo such embarrassment in the last day. Since SuperFish is already capable of carrying out man-in-the-middle attacks over secure connections on the Lenovo machines which use the certificate, the disclosure of the certificate's password presents hackers with a 'a pre-installed hacking environment' which would be difficult to arrange by other means. The password, "komodia," is also the name of the Komodia Redirector framework, which allows its clients to manipulate TCP/IP network sessions "with a few simple clicks."

Re:No words

[Gr8Apes]

It already happened to Sony, recall the CD rootkit incident? That was even more evil, as it wasn't just malware, but an actual attack. Sony's still around but they seem to be having some financial trouble of late or something. Karma sure can be a bitch.