February 24th, 2015 at 12:47 PM EST, modified

The security community is ablaze with news of Superfish being pre-installed on some Lenovo computers. The primary issue concerning experts is that Superfish replaced SSL certificates, used for ensuring secure connections on the internet, with its own certificates. It turns out that the same behavior is being exhibited by software that many people are inclined to trust: Avast’s anti-virus software!

Replacing SSL certificates is a significant security issue. The lock icon shown by browsers when the user is connecting to an “HTTPS” site is an indication that the connection is being secured, using a form of encryption that relies on an SSL “certificate” issued by a trusted certificate authority. So, when you connect to your bank’s website, for example, a certificate is used to encrypt all data sent between your browser and the bank site. This protects you from snoops, who cannot see any potentially sensitive data being transmitted.

What Superfish has done is replace these certificates with one of its own, which gives the software the ability to intercept any data being sent to or from such a secure site. This is what security experts call a “man-in-the-middle attack,” meaning something or someone that interjects itself between two parties attempting to have secured communications. It should be immediately obvious that this is a Very Bad Thing.
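One way to spot the certificate replacement described above from the affected machine, as an added example that is not part of the original post: compare the issuer each site presents locally with the issuer recorded from a trusted vantage point, and flag any single issuer that has taken the place of several sites' certificate authorities. The host names, issuer names and baseline are constructed, and the certificate dictionaries are assumed to have the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
from collections import defaultdict

def issuer_field(cert, field="organizationName"):
    """Read one attribute from the nested 'issuer' tuple of a
    getpeercert()-style dictionary; None if it is absent."""
    for rdn in cert.get("issuer", ()):
        for name, value in rdn:
            if name == field:
                return value
    return None

def find_interception(observed, baseline):
    """observed: {host: cert dict} as seen on this machine.
    baseline: {host: issuer organization} recorded out of band.
    Returns {unexpected issuer: [hosts whose issuer was swapped]}."""
    swapped = defaultdict(list)
    for host, cert in observed.items():
        seen = issuer_field(cert)
        if host in baseline and seen != baseline[host]:
            swapped[seen].append(host)
    return dict(swapped)

def likely_local_proxy(swapped, min_hosts=2):
    """A single issuer standing in for the CAs of several unrelated
    sites is the pattern left by locally installed interception software."""
    return [issuer for issuer, hosts in swapped.items() if len(hosts) >= min_hosts]

def sample_cert(host, issuer_org):
    """Build a constructed certificate dictionary for the demo data."""
    return {"subject": ((("commonName", host),),),
            "issuer": ((("organizationName", issuer_org),),)}

# Constructed sample data: issuers seen from a trusted network ...
BASELINE = {"bank.example": "Example Public CA 1",
            "mail.example": "Example Public CA 2",
            "news.example": "Example Public CA 1"}
# ... and what the same sites present on the machine under test.
OBSERVED = {"bank.example": sample_cert("bank.example", "Local Inspection Root"),
            "mail.example": sample_cert("mail.example", "Local Inspection Root"),
            "news.example": sample_cert("news.example", "Example Public CA 1")}

if __name__ == "__main__":
    swapped = find_interception(OBSERVED, BASELINE)
    for issuer in likely_local_proxy(swapped):
        print(f"{issuer!r} replaced the expected issuer for {swapped[issuer]}")
```

A mismatch on one host can be an ordinary certificate renewal with a different authority; the same unexpected issuer across several unrelated hosts is what points to interception on the machine itself.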