Jump to content

Comodo, Lavasoft software bundled with Superfish-type code


Recommended Posts

Comodo, Lavasoft software bundled with Superfish-type code

Lenovo is not the only one in adware hot water after separate reports accuse two antivirus software providers of using a similar exploit to Superfish.

Reports implicate both Lavasoft and Comodo in schemes that use secure socket layer (SSL) technology in different ways but are mainly focused on monitoring SSL traffic in some shape or form.

In the first case, Lavasoft's Ad-aware Web Companion was found to include the SSL-interception technology sold by Komodia that was at the heart of Superfish and 14 other programs.

The proxy software works by tricking browsers into trusting any self-signed certificate and Lavasoft put it inside the Web Companion to intercept and monitor SSL traffic.

Comodo's case, meanwhile, involves its Internet Security suite that comes with PrivDog built in, which apparently makes browsers trust any self-signed certificate and leaves users open to man-in-the-middle attacks and complete bypasses of HTTPS protection.

Still out there?

PrivDog is, according to Comodo, a piece of software that bolsters security by taking ads from web pages and replacing them with ads from sources that are trusted.

Lavasoft has so far been unable to confirm if the compromised part of Komodia SSL Digestor has been fully removed whereas Comodo has not come out publicly to comment on the PrivDog software.

Via: Ars Technica



Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

By using this site, you agree to our Terms of Use.