Thread: Lenovo hardware compromised
View Single Post
Old 02-24-2015, 10:23 AM   #23
Freehunter
Connoisseur
Freehunter ought to be getting tired of karma fortunes by now.Freehunter ought to be getting tired of karma fortunes by now.Freehunter ought to be getting tired of karma fortunes by now.Freehunter ought to be getting tired of karma fortunes by now.Freehunter ought to be getting tired of karma fortunes by now.Freehunter ought to be getting tired of karma fortunes by now.Freehunter ought to be getting tired of karma fortunes by now.Freehunter ought to be getting tired of karma fortunes by now.Freehunter ought to be getting tired of karma fortunes by now.Freehunter ought to be getting tired of karma fortunes by now.Freehunter ought to be getting tired of karma fortunes by now.
 
Freehunter's Avatar
 
Posts: 68
Karma: 786508
Join Date: Aug 2014
Location: Great Lakes
Device: K4PC, PW2, HD7, calibre
Looks like Lenovo is not the only one with a problem. Worse it is security software vendors.

Security software found using Superfish-style code, as attacks get simpler | Ars Technica http://arstechnica.com/security/2015...s-get-simpler/

Quote:
"Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority."
Quote:
"Late last week came word that self-signed Secure Sockets Layer certificates installed by a company called Komodia caused most browsers to trust any self-signed certificate that used the same easily extracted private key. That was bad, but now, researchers have discovered vulnerabilities in the closely related proxy software of interception applications from Komodia and Comodo. The new insight makes it even easier for attackers to forge trusted credentials that impersonate Bank of America, Google, or any other HTTPS-protected destination on the Internet."
Worse than Superfish? Comodo-affiliated PrivDog compromises web security too | PCWorld http://www.pcworld.com/article/28876...-security.html

Quote:
"New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users’ PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo."
Quote:
"However, it’s not just Superfish or PrivDog that open such security holes on computers. Researchers determined that the Superfish vulnerability was actually in a third-party software development kit from a company called Komodia. The same SDK is used in other products as well, including parental control applications, VPN clients and software from a security vendor called Lavasoft."
I used to use Lavasoft Ad-aware, but got out of the habit of updating. Just use a sacrificial old laptop and limit where I go. Just use a regular antivirus and Malwarebytes Anti-Malware and scan regularly now.

Freehunter
Freehunter is offline   Reply With Quote