Now we have to worry about Ad-blocking software !!
greybeard last edited by
After the recent release of information regarding "Superfish" on Lenovo laptops we now yet another vulnerability. [b][i]Ad-blocking software.[/i][/b] According to [url=http://www.bbc.com/news/technology-31586610]BBC News[/url] yesterday morning the latest culprit is a product called PrivDog. [quote]designed to block ads and replace them with ones from "trusted sources"[/quote] To accomplish the software essentially does a Man in the Middle attack, intercepting connections and replacing them with its own then issuing fake certificates to fool your browser into showing those. This process appears to leave computers vulnerable as it now accepts [b]all [/b]https certificates [b]without validation[/b]. Here we are trying to protect ouselves, or trying to make our browsing experience better and what do we get in return from these software vendors? They prey on such users and make them even more vulnerable. Now we just have to find out who else in in that mix (as apparently many types of [b][i]anti-malware[/i][/b] software and [b][i]parental control [/i][/b]software use these methods) and expose them also. (Some of the programs are listed in [url=http://arstechnica.com/security/2015/02/ssl-busting-code-that-threatened-lenovo-users-found-in-a-dozen-more-apps/][color=#0000bb][b]this article[/b][/color][/url] at arstechnica.com.) As security expert Graham Cluley says on the [url=http://blog.lumension.com/9848/whats-worse-than-superfish-meet-privdog-leaving-users-wide-open-to-attacks/?utm_source=GCHQ+-+Graham+Cluley%27s+Security+Newsletter&utm_campaign=b48e1c69f7-GCHQ+-+Graham+Cluley%27s+Security+Newsletter&utm_medium=email&utm_term=0_8106850f4a-b48e1c69f7-58585265][color=#0000bb][b]Lumension blog[/b][/color][/url]: [quote]"How are you supposed to trust the web ever again, if you’re running “a new layer of internet security” that destroys the entire concept of web certificates? A web where every rogue certificate is accepted, where no browser warnings are triggered, and where certificates (bad or not) are replaced by one that the browser will trust."[/quote] Interested in finding out if you are affected? Check the link below, (I trust it): [b][i][u][color=#000000]read the instructions carefully and follow them !![/color][/u][/i][/b] https://filippo.io/Badfish/
Yes, preinstalled software is always a problem on PCs. You have to trust your PC dealer or manufacturer.
In the past there were alwys issues with unsafe/outdated software on computers of big manufacturers.
But some webfilters and internet security software do install faked/intercepting certificates for SSL scanning, too.
Dont use web filters and deactivate antivurus scan for SSL connections and our data will always be on encrypted transport.
It is not easy to check and trust installed software if yo are not a IT geek but a normal PC user.