New cases of insecure HTTPS traffic interception are coming to light as researchers investigate software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users' PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo.
Over the weekend, a user reported on Hacker News that his system failed an online test designed to detect a man-in-the-middle vulnerability introduced by Superfish, a program preloaded on some Lenovo consumer laptops.
I have to be up front and tell you the truth. Being British, I don't know who Kris Jenner is.
Indeed, I have to admit that I thought the Kardashians were aliens in Star Trek.
Right now, you get most of your Linux software from your distribution’s software repositories. Those applications have to be packaged specifically for your Linux distribution, and you have to trust them with full access to your Linux user account and all its files.
But imagine if developers could distribute applications in a standard way so you could install and run them on any Linux distribution, and if those applications ran in a “sandbox” so you could quickly download and run them without the security and privacy risks.
Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority.
One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—“surpasses anything else” they had ever seen.