Bundle Superfish-Style HTTPS Breaking Adware from Download.com and others

Ontech Computing Blog

It’s a scary time to be a Windows user. Lenovo was bundling HTTPS-hijacking Superfish adware, Comodo ships with an even worse security hole called PrivDog, and dozens of other appslike LavaSoft are doing the same. It’s really bad, but if you want your encrypted web sessions to be hijacked just head to CNET Downloads or any freeware site, because they are all bundling HTTPS-breaking adware now.

The Superfish fiasco began when researchers noticed that Superfish, bundled on Lenovo computers, was installing a fake root certificate into Windows that essentially hijacks all HTTPS browsing so that the certificates always look valid even if they aren’t, and they did it in such an insecure way that any script kiddie hacker could accomplish the same thing.

And then they are installing a proxy into your browser and forcing all of your browsing through it so they can insert ads. That’s right…

View original post 1,836 more words

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s