Like Superfish, PrivDog intercepted HTTPS traffic to inject ads from "reliable partners". Late last year, its ability to filter HTTPS traffic was already being discussed on the Comodo forum. After the Superfish scandal, the software is now in the spotlight. Because of Superfish, a user decided to try a test page that warns users if their HTTPS connection is being manipulated. Although the user was not using Superfish, he got a warning. The user then reported on Hacker News that the possible cause was the PrivDog adware.
PrivDog does not have the same vulnerability as Superfish, which used a weak certificate and a weak password to protect the certificate's private key, but one that is possibly many times worse, according to Bock. Whereas Superfish used the same certificate and key for all installations, PrivDog creates a separate key and certificate for each installation. The biggest problem is that PrivDog intercepts every certificate and replaces it with a self-signed certificate.
This includes certificates that were not valid in the first place. As a result, the browser will accept every HTTPS certificate, whether or not it is signed by a Certificate Authority (CA). "We are still trying to find out the details, but it looks bad," Bock says. The researcher also finds it strange that Comodo, which is itself a CA, bundles adware with its own software. "It would be the CA's job to protect HTTPS, not break it," the researcher concludes.
Meanwhile, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University is also warning about PrivDog. According to CERT/CC, an attacker could spoof HTTPS sites and intercept HTTPS traffic without users seeing a certificate warning. Users are advised to remove PrivDog. The root certificate in question should be removed as well.
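The failure described above, as an added model that is not code from PrivDog or from the article: a local proxy that replaces every upstream certificate with one issued under its own installed root makes the browser accept an untrusted certificate, while a proxy that validates upstream first does not. Certificates are reduced to subject and issuer names with no real signatures, and all names (`Example Public CA`, `Local Interception Root`, `shop.example`) are constructed.

```python
from dataclasses import dataclass

# Constructed names for illustration; none of them come from the article.
PUBLIC_ROOTS = frozenset({"Example Public CA"})
PROXY_ROOT = "Local Interception Root"  # stands in for the per-install root
HOST = "shop.example"


@dataclass(frozen=True)
class Cert:
    subject: str  # name the certificate was issued for
    issuer: str   # name of whoever signed it


def chain_ok(cert, host, trusted_roots):
    """Simplified validation: host name matches and the issuer is trusted."""
    return cert.subject == host and cert.issuer in trusted_roots


def intercept(upstream, host, validate_upstream):
    """Certificate the proxy presents to the browser, or None if it refuses."""
    if validate_upstream and not chain_ok(upstream, host, PUBLIC_ROOTS):
        return None  # hardened: the upstream failure reaches the user
    # The replacement is always issued under the locally trusted proxy root.
    return Cert(subject=host, issuer=PROXY_ROOT)


def browser_accepts(upstream, host, validate_upstream):
    """What the user sees once the proxy root is in the browser's store."""
    presented = intercept(upstream, host, validate_upstream)
    browser_roots = PUBLIC_ROOTS | {PROXY_ROOT}
    return presented is not None and chain_ok(presented, host, browser_roots)


GENUINE = Cert(subject=HOST, issuer="Example Public CA")
UNTRUSTED = Cert(subject=HOST, issuer=HOST)  # self-signed, no CA involved

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE), ("untrusted", UNTRUSTED)):
        print(label,
              "| no proxy:", chain_ok(cert, HOST, PUBLIC_ROOTS),
              "| replace everything:", browser_accepts(cert, HOST, False),
              "| validate first:", browser_accepts(cert, HOST, True))
```

Once the proxy root is trusted, the proxy is the only component that ever sees the upstream certificate, so any validation it skips is never performed by the browser.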
US-CERT writes: "Adtrustmedia PrivDog is promoted by the Comodo Group, which is an organization that offers SSL certificates and authentication solutions." A variant of PrivDog that is not affected by this issue is shipped with products produced by Comodo (see below). This makes the case especially interesting because Comodo is itself a certificate authority (they had issues before). As ACLU technologist Christopher Soghoian points out on Twitter, the founder of PrivDog is the CEO of Comodo. (See this blog post.)
Update 2: PrivDog published an advisory.