Here is the underlying Lenovo problem:
http://www.kb.cert.org/vuls/id/529496 ” Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing”
And unfortunately this Komodia Redirector is inside a Lenovo software installation (Superfish)
Here is a Techworld story: http://www.techworld.com/news/security/lenovo-not-alone-in-suffering-from-superfish-security-flaw-3598898/ which also discusses the problem both in Lenovo systems:
“ Security researchers found two major issues with this implementation. First, the software used the same root certificate on all systems and second, the private key corresponding to that certificate was embedded in the program and was easy to extract.”
And outside of Lenovo systems which is any software that has the Komodia SDK (Software Development Kit).
This is the technical nuts and bolts of the certification issue:
https://gist.github.com/Wack0/17c56b77a90073be81d3
“Keep My Family Secure” is software that has the bad SDK
“Qustodio” has the bad SDK
A Brazilian parental control software: ” Kurupira webfilter” has the bad SDK
how about “Staffcop”?
even ” Lavasoft Ad-Aware Web Companion” is unsafe
“PUP Sendori” also
“Secureteen Parental Control Software”
All these software efforts were designed ineffectively and without security in mind. Now they are all in legal limbo
this will continue to happen until all execs and boards start to improve Cybersecurity for Y2015 not stay in Y2000 thinking.
Contact us to help you develop a new cybersecurity strategy.
check this link out to help you decide about changing your cybersecurity strategy.
http://www.fixvirus.com/must-have-a-good-cybersecurity-strategy/
The Komodia website is offline right now, the admin infers it is a DOS attack:
I am not going to recount the actual hacking details of this attack (a typical Man in the middle(MITM) attack) which is fairly straight forward for a hacker.
Here is a story on forbes.com abotu the Komodia company: http://www.forbes.com/sites/thomasbrewster/2015/02/20/komodia-lenovo-superfish-ddos/
This is very interesting back and forth with the Komodia founder Barak Weichselbaum (former IDF Intelligence core programmer:
“In a brief email conversation with Barak Weichselbaum, Komodia’s founder who was once a programmer in Israel’s IDF’s Intelligence Core, he said the company was not hiding behind DDoS claims and that the attack was real. “We had to decide if we focus on it, or on other things, we are busy as you can imagine. I saw on forums people say we’re hiding, the site can be seen from the internet archive, so no point trying to hide anything. Regarding the Lenovo Superfish story I’m unable to comment because of contractual reasons,” he told Forbes.”
said Rogers.
“This problem is much bigger than we thought it was.”
It’s a problem people evidently care about too. That’s why Komodia is under digital fire right now.
Here are videos from Komodia, an explanation of their software:
It seems any parental control software is susceptible to attacks. If you need help in this Cybersecurity matter:
Anybody who used this is in trouble… instead of saving money on re
Contact Us to help you sort out this problem.