Slashdot Mirror

← Back to Stories (view on slashdot.org)

Superfish Security Certificate Password Cracked, Creating New Attack Vector

Posted by timothy on from the for-this-to-work-you-may-need-windows dept.

In a followup to today's news about junk software included with Lenovo computers, an anonymous reader writes Robert Graham at Errata Security has published an article announcing his success in extracting the SuperFish self-signed security certificate from the adware which has caused Chinese computer manufacturer Lenovo such embarrassment in the last day. Since SuperFish is already capable of carrying out man-in-the-middle attacks over secure connections on the Lenovo machines which use the certificate, the disclosure of the certificate's password presents hackers with a 'a pre-installed hacking environment' which would be difficult to arrange by other means. The password, "komodia," is also the name of the Komodia Redirector framework, which allows its clients to manipulate TCP/IP network sessions "with a few simple clicks."

1 of 144 comments (clear)

  1. Re:FIRST MOTHERFUCKIN POST by Anonymous Coward · · Score: 0, Offtopic

    :-