It’s a scary time to be a Windows user. Lenovo was bundling HTTPS-hijacking Superfish adware, Comodo ships with an even worse security hole called PrivDog, and dozens of other apps like LavaSoft are doing the same. It’s really bad, but if you want your encrypted web sessions to be hijacked just head to CNET Downloads or any freeware site, because they are all bundling HTTPS-breaking adware now.
The Superfish fiasco began when researchers noticed that Superfish, bundled on Lenovo computers, was installing a fake root certificate into Windows. That certificate essentially hijacks all HTTPS browsing so that certificates always look valid even if they aren’t, and it was done in such an insecure way that any script kiddie could accomplish the same thing.
And then they are installing a proxy into your browser and forcing all of your browsing through it so they can insert ads. That’s right…