lurkingatu2 Posted February 23, 2015 Posted February 23, 2015 Download.com and Others Bundle Superfish-Style HTTPS Breaking Adware from How To Geek It’s a scary time to be a Windows user. Lenovo was bundling HTTPS-hijacking Superfish adware, Comodo ships with an even worse security hole called PrivDog,and dozens of other apps like LavaSoft are doing the same. It’s really bad, but if you want your encrypted web sessions to be hijacked just head to CNET Downloads or any freeware site, because they are all bundling HTTPS-breaking adware now. The Superfish fiasco began when researchers noticed that Superfish, bundled on Lenovo computers, was installing a fake root certificate into Windows that essentially hijacks all HTTPS browsing so that the certificates always look valid even if they aren’t, and they did it in such an insecure way that any script kiddie hacker could accomplish the same thing. And then they are installing a proxy into your browser and forcing all of your browsing through it so they can insert ads. That’s right, even when you connect to your bank,or health insurance site, or anywhere that should be secure. And you would never know, because they broke Windows encryption to show you ads. But the sad, sad fact is that they aren’t the only ones doing this — adware like Wajam, Geniusbox, Content Explorer, and others are all doing the exact same thing, installing their own certificates and forcing all your browsing (including HTTPS encrypted browsing sessions) to go through their proxy server. And you can get infected with this nonsense just by installing 2 of the top 10 apps on CNET Downloads. The bottom line is that you can no longer trust that green lock icon in your browser’s address bar. And that’s a scary, scary thing. (this article is to long to post here please read about more info here) http://www.howtogeek.com/210265/download.com-and-others-bundle-superfish-style-https-breaking-adware/ (more info on Comodo's Privdog) Adware Privdog worse than Superfish from Hanno's blog https://blog.hboeck.de/archives/865-Comodo-ships-Adware-Privdog-worse-than-Superfish.html Privdog is Superfish all over again from Ghacks Technology News is a tech blog that reviews software, apps, Internet services, and offers tips and tricks about Windows, Android, and other systems. By Martin Brinkmann http://www.ghacks.net/2015/02/23/privdog-is-superfish-all-over-again/ Superfish,Komodia,PrivDog vulnerability test (Do the test with all browsers installed) https://filippo.io/Badfish/ :) James 1 Quote
FPCH Admin AWS Posted February 23, 2015 FPCH Admin Posted February 23, 2015 That's why I rarely, if ever, download anything from any download site. I get it right from the software site. If they send me off to a download site to get it then I won't use it and if it's payware I won't buy it. I got stung a couple years ago downloading from download.com and since that time I watch where I download from. 2 Quote Off Topic Forum - Unlike the Rest
FPCH Admin allheart55 Cindy E Posted February 23, 2015 FPCH Admin Posted February 23, 2015 Very interesting and really informative article. Thank you, @James. Just for the heck of it, I took the test. 1 Quote ~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
lurkingatu2 Posted February 24, 2015 Author Posted February 24, 2015 ssl certificate stuff is scary i tested both my browsers also and passed since this thing/and or story is spreading in to more than just Lenevo thing :) James 1 Quote
Recommended Posts