jm + superfish   3

Extracting the SuperFish certificate
not exactly the most challenging reverse I've ever seen ;)
reverse-engineering  security  crypto  hacking  tls  ssl  superfish  lenovo 
february 2015 by jm
The Superfish certificate has been cracked, exposing Lenovo users to attack | The Verge
The cracked certificate exposes Lenovo users to man-in-the-middle attacks, similar to those opened up by Heartbleed. Armed with this password and the right software, a coffee shop owner could potentially spy on any Lenovo user on her network, collecting any passwords that were entered during the session. The evil barista could also insert malware into the data stream at will, disguised as a software update or a trusted site.


Amazingly stupid.
superfish  inept  ca  ssl  tls  lenovo  mitm  security 
february 2015 by jm
Superfish: A History Of Malware Complaints And International Surveillance - Forbes
Superfish, founded and led by former Intel employee and ex-surveillance boffin Adi Pinhas, has been criticised by users the world over since its inception in 2006.
superfish  lenovo  privacy  surveillance  ads  java  windows  mac  firefox  pups  ssl  tls  ad-injection  komodia 
february 2015 by jm

Copy this bookmark:



description:


tags: