Slashdot Mirror

← Back to Stories (view on slashdot.org)

Superfish Security Certificate Password Cracked, Creating New Attack Vector

Posted by timothy on from the for-this-to-work-you-may-need-windows dept.

In a followup to today's news about junk software included with Lenovo computers, an anonymous reader writes Robert Graham at Errata Security has published an article announcing his success in extracting the SuperFish self-signed security certificate from the adware which has caused Chinese computer manufacturer Lenovo such embarrassment in the last day. Since SuperFish is already capable of carrying out man-in-the-middle attacks over secure connections on the Lenovo machines which use the certificate, the disclosure of the certificate's password presents hackers with a 'a pre-installed hacking environment' which would be difficult to arrange by other means. The password, "komodia," is also the name of the Komodia Redirector framework, which allows its clients to manipulate TCP/IP network sessions "with a few simple clicks."

2 of 144 comments (clear)

  1. Stop deleting the NSA hard drive backdoor news by Anonymous Coward · · Score: -1, Offtopic

    It's already all over the net, even non geek sites are all over it.

    You call slashdot a geek site? "News for nerds, stuff that matters" my ass.

    HUGE SPY PROGRAM EXPOSED: NSA has hidden software in hard drives around the world
    Is the NSA Hiding in Your Hard Drive?
    NSA Has Ability To Hide Spying Software Deep Within Hard Drives: Cyber Researchers
    Is Your Hard Drive Hiding NSA Spyware?
    The NSA hides surveillance software in hard drives
    'Breakthrough' NSA spyware shows deep grasp of makers' hard drives
    NSA planted surveillance software on hard drives, report says
    NSA secret spying software discovered by Russian researchers
    NSA Hackers Infected Hard Drives With Impossible-To-Remove Spyware
    NSA Has Planted Surveillance Software Deep Within Hard Drives Since 2001: Kaspersky
    NSA program is embedding secret spying software in hard drives in Russia, China, Middle East, allowing agency to eavesdrop on most of world’s computers: report
    Destroying your hard drive is the only way to stop this super-advanced malware
    Hard drives beware, the NSA is coming for you
    Kaspersky fingers NSA-style Equation Group for hard drive backdoor epidemic
    There's no way of knowing if the NSA's spyware is on your hard drive
    The NSA's Undetectable Hard Drive Hack Was First Demonstrated a Year Ago

  2. Re:FIRST MOTHERFUCKIN POST by Anonymous Coward · · Score: 0, Offtopic

    :-