Tuts 4 You

Lenovo and the Superfish fiasco...


Teddy Rogers



 


Chinese PC manufacturer Lenovo made the news in a big way this week, but unfortunately these weren’t good news for anybody.

 


A little write up on the MITM attack...


 


https://blog.malwarebytes.org/privacy-2/2015/02/lenovo-and-the-superfish-fiasco/


 


And... Komodia/Superfish SSL Validation is broken


 


Ted.



I didn't understand it.


I uninstalled the software from Add/Remove programs features. Then I saw some article and I removed the Superfish certificate. What has happened or could happen?


 


Thanks. PS: I'm so confused, also I'm running MalwareBytes and Windows Firewall.. 


Edited by NeWOT

MalwareBytes and Windows Firewall won't help you at all if the root certificate is still installed.

But what happens or what could happen if I had it in my certificates?

On the Lenovo install it was something to accept T.O.S about their government something...


In short someone could copy Komodia's security certificate very easily and instigate a MITM attack and you wouldn't even know there was a problem. Your "secure" connections to banks, merchant websites, etc. would be open for them to snoop on the contents of the traffic as if it had been sent in plain text. The big problem about this is that it is very easy to do.


 


I would recommend you ensure your machine is cleaned before connecting to unknown networks such as internet cafes, open WIFI connections, etc.


 


Apparently Windows Defender is now reporting this as a threat, that should tell you how bad it is!


 


Try this online test... https://filippo.io/Badfish/


 


Ted.
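
To confirm the root certificate is really gone after uninstalling, here is a read-only check of the Windows certificate stores. It is an added example, not part of the original thread. Matching on the names Superfish and Komodia is an assumption, since the thread gives no thumbprint to compare against.

```powershell
# Added example: read-only scan, nothing is removed or changed.
# Assumption: the certificate's Subject or Issuer contains one of these names.
$namePatterns = 'Superfish', 'Komodia'

# Trusted-root and intermediate stores, machine-wide and per-user.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\CA',   'Cert:\CurrentUser\CA'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object {
            $cert = $_
            # Non-empty result means at least one name matched this certificate.
            $namePatterns | Where-Object {
                $cert.Subject -like "*$_*" -or $cert.Issuer -like "*$_*"
            }
        } |
        Select-Object @{ Name = 'Store'; Expression = { $store } },
                      Subject, Issuer, Thumbprint, NotAfter
}

if ($hits) {
    Write-Warning 'Matching certificate(s) still present in a trust store:'
    $hits | Format-List
} else {
    Write-Output 'No certificate with a matching name found in the checked stores.'
}
```

This covers only the Windows stores; a browser that keeps its own trust store has to be checked separately.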



You can read more about exploiting it here...


 



As discussed in my previous blogpost, it took about 3 hours to reverse engineer the Lenovo/Superfish certificate and crack the password. In this blog post, I described how I used that certificate in order to pwn victims using a rogue WiFi hotspot. This took me also about three hours.



 


http://blog.erratasec.com/2015/02/exploiting-superfish-certificate.html


 


Ted.

