Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmWill the madness never end? Komodia SSL certificates are EVERYWHERE2015-02-19T23:41:17+00:00
http://marcrogers.org/2015/02/19/will-the-madness-never-end-komodia-ssl-certificates-are-everywhere/
jmI think that at this point it is safe to assume that any SSL interception product sold by Komodia or based on the Komodia SDK is going to be using the same method. What does this mean? Well, this means that those dodgy certificates aren’t limited to Lenovo laptops sold over a specific date range. It means that anyone who has come into contact with a Komodia product, or who has had some sort of Parental Control software installed on their computer should probably check to see if they are affected.
]]>komodia via:jgc ssl lenovo parental-control censorware mitmhttps://pinboard.in/https://pinboard.in/u:jm/b:cea5b044b113/Extracting the SuperFish certificate2015-02-19T21:56:54+00:00
http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOZYG7CsVyQ
jmreverse-engineering security crypto hacking tls ssl superfish lenovohttps://pinboard.in/https://pinboard.in/u:jm/b:8f91913b0532/The Superfish certificate has been cracked, exposing Lenovo users to attack | The Verge2015-02-19T21:41:15+00:00
http://www.theverge.com/2015/2/19/8069127/superfish-password-certificate-cracked-lenovo
jmThe cracked certificate exposes Lenovo users to man-in-the-middle attacks, similar to those opened up by Heartbleed. Armed with this password and the right software, a coffee shop owner could potentially spy on any Lenovo user on her network, collecting any passwords that were entered during the session. The evil barista could also insert malware into the data stream at will, disguised as a software update or a trusted site.
Amazingly stupid.]]>superfish inept ca ssl tls lenovo mitm securityhttps://pinboard.in/https://pinboard.in/u:jm/b:26af7d2dade0/Superfish: A History Of Malware Complaints And International Surveillance - Forbes2015-02-19T17:11:02+00:00
http://www.forbes.com/sites/thomasbrewster/2015/02/19/superfish-history-of-malware-and-surveillance/
jmSuperfish, founded and led by former Intel employee and ex-surveillance boffin Adi Pinhas, has been criticised by users the world over since its inception in 2006.
]]>superfish lenovo privacy surveillance ads java windows mac firefox pups ssl tls ad-injection komodiahttps://pinboard.in/https://pinboard.in/u:jm/b:d4e4b3072b48/