Wednesday, 25 February 2015

PrivDog: Only 57,000 Users At Risk

Adware PrivDog developer has released a security update after there was a vulnerability in the software detects allowing users targeted by Man-in-the-middle attack could be. In total, this "only" 57,000 users have run risk, says the developer. However, this is not the PrivDog software that comes with the programs of security provider and Certificate Authority Comodo. PrivDog makes adware that SSL connections are intercepted and software advertisements of "reliable partners" can inject.

Researchers discovered that PrivDog install a root certificate and thus intercepted each SSL certificate of websites using a self-signed certificate, even when it comes to SSL certificates that are not valid. As a result, the browser will accept HTTPS each certificate that is, whether by a Certificate Authority (CA) is signed or not. For example, users of public Wi-Fi networks could thus be the victim of a Man-in-the-middle attack. The vulnerability is present in versions and PrivDog.

These versions intercept SSL traffic and were downloaded from the website of PrivDog. Contrary to what was thought yesterday is Comodo Internet Security with an earlier version of PrivDog bundled working with a browser extension and thus is not directly vulnerable to this threat. That says researcher Hanno Boeck in addition to his research. PrivDog also confirms that the PrivDogplug-in that comes with the Comodo Browsers problem has not.

Globally, more than 57,000 people have downloaded the vulnerable PrivDog versions. According adware developer made ​​sure that the problem with some sites that use a self-signed certificate no certificate warning was given. However, the encryption was offered to the end user would remain intact, says PrivDog. Tonight there is rolled out an automatic update that fixes the problem by users.

No comments:

Post a Comment