Background – Komodia's extremely unsafe root CA is not found only in Superfish, but in numerous other software products as well. Variants of this SSL hijacking are widespread.
The scandal over the unsafe Superfish adware on Lenovo laptops is expanding. The malware uses the SSL interception module from Komodia, which nests its own root CA in the root store of Windows and of browsers. In this way all HTTPS traffic is intercepted and decrypted, while the browser still neatly shows a green padlock.
Komodia scourge
Researchers digging into the matter have now opened a cesspool. Exactly the same Komodia tool turns out to be present in other software as well, including the same private key, “protected” with the same default password, komodia. Several security experts have compiled lists of affected software, ranging from browser helpers similar to Superfish itself to parental-control tools and proxy software for hiding one's IP address. Ironically, the lists also include software that presents itself as an ad blocker or as security software, such as Lavasoft's Web Protection.
Lavasoft, with its ironic security claims
In addition, PrivDog, a privacy tool from the CEO of certificate giant Comodo, also engages in SSL hijacking, although it does not use the library of the Israeli company Komodia, Ars Technica reports.
One certificate for all domains
Komodia's code also turns out to be a rotten Swiss cheese. Not only does it use the same key and default password in every instance, there is also no validation of, or limit on, the domains whose SSL traffic can be hijacked, discovered Filippo Valsorda, a researcher at CloudFlare. This concerns the ‘alternative names’, an existing X.509 extension to the certificate for adding other (sub)domains for which the certificate is valid. That field is wide open: any domain entered in the ‘alternative names’ field of the Komodia certificate is signed blindly, and the browser displays a beautiful green padlock.
Is there nothing that can be done against such SSL hijacking? No, not really. This capability is in fact widely used by aggressive firewalls and deep packet inspection systems, and is therefore ‘legitimate’. Certificate ‘pinning’, as Chrome has been doing and Firefox has done since last year, only protects against man-in-the-middle attacks on the network. Once a tool like Komodia is ensconced in the root store of the operating system or browser, even Chrome and Firefox swallow its false certificates without complaint.
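Since pinning does not help once a rogue root sits in the local store, the practical defence is to look for it there. The following PowerShell check is an added example, not code from the article or from Lenovo's removal tool; the list of suspect names is an assumption built from the two names the article mentions, and the store paths are the standard Windows certificate-provider paths.

```powershell
# Scan the Windows root stores for certificates that look like an SSL
# interception CA. Constructed example; the name list is an assumption
# taken from the names the article mentions and can be extended.
$suspectNames = @('Superfish', 'Komodia')
$rootStores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
                'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\AuthRoot')

function Find-InterceptionRoots {
    param([string[]]$Names, [string[]]$Stores)
    foreach ($store in $Stores) {
        # Not every store path exists on every Windows edition.
        if (-not (Test-Path $store)) { continue }
        Get-ChildItem -Path $store | ForEach-Object {
            $cert = $_   # $_ is rebound inside the nested Where-Object below
            $hit = $Names | Where-Object {
                $cert.Subject -like "*$_*" -or $cert.Issuer -like "*$_*"
            }
            if ($hit) {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    # True means the signing key is present on this machine,
                    # which no trusted public root should ever have. Komodia
                    # ships its key inside its own software, so False here
                    # does not clear the certificate.
                    HasPrivateKey = $cert.HasPrivateKey
                    Path       = $cert.PSPath
                }
            }
        }
    }
}

Find-InterceptionRoots -Names $suspectNames -Stores $rootStores | Format-Table -AutoSize
```

Firefox keeps its own NSS root store, which this scan does not cover. Deleting a matched root while the interception proxy is still running breaks HTTPS in the browser, so uninstall the software first, as Lenovo's tool does.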
HP pokes fun
The first lawsuits against Lenovo are now a fact. Under renewed public pressure, the group has issued a mea culpa. In addition, the PC maker has released a new tool that automatically removes Superfish and the damned root certificate. Meanwhile, competitors are cashing in on the scandal. HP, for example, came up with this sneer on Twitter: