
Is PrivDog another Superfish - babawere
While reading about Superfish, I ran this simple test at https://filippo.io/Badfish/ by visiting the webpage and noticed that, despite the fact I don't have Superfish installed, I failed the test and got “Yes, Your connections can be tampered with”.

After a quick check on my system, I realized I might have failed the test due to the presence of PrivDog (http://www.privdog.com/) on my system.

Here is a screenshot of Bank of America: http://i.imgur.com/pbEFW5X.png

Is this another Superfish?
======
ig1
Did you get Privdog with Comodo Internet Security? If so, can you share what
version of Comodo Internet Security it was?

~~~
babawere
It came with version 7, and you can see here
[https://help.comodo.com/topic-72-1-451-6840-.html](https://help.comodo.com/topic-72-1-451-6840-.html)
it says

You can install PrivDog while installing Comodo Internet Security or by
downloading the app from www.privdog.com/downloads.html

I saw the option to install PrivDog while Installing the Comodo Internet
Security

~~~
ig1
It looks like Privdog which was bundled with CIS didn't have the vulnerability
(it was an older version of Privdog) but if you downloaded it from the website
you would have had the new version (Privdog v3 or later) which would have had
the vuln.

If you're running the version of Privdog which came with CIS, could you check
the version of Privdog?

Badfish shouldn't have failed for you with the bundled version, but if it did
that's probably something that needs to be looked at more deeply.

------
hannob
Actually it is worse than Superfish.

It does TLS MitM, but it doesn't do any verification at all. It just accepts
every self-signed cert and replaces it with a cert signed by its locally
installed root cert.

So it completely disables HTTPS protection. Everyone who has this: get rid of
it, this is super-dangerous.

------
0942v8653
Looks like one of those malwares that takes the ads out of a website and
replaces them with its own. In order to do this over SSL/TLS it has to use its
own certificate—as if that weren't bad enough, you're vulnerable to man-in-
the-middle attacks through HTTPS.

~~~
babawere
Why would Comodo promote such software?

~~~
cordite
Apparently security software giants have motives other than security these
days.

This really makes me put more faith into Microsoft's own Defender.

------
al2o3cr
There are a bunch of these - check the cert that you're getting from BofA and
add a comment here if it's similar:

[https://gist.github.com/Wack0/17c56b77a90073be81d3](https://gist.github.com/Wack0/17c56b77a90073be81d3)

------
duskwuff
Yes, it is!

The fact that you're getting this result from the Badfish test page means that
_Privdog is not validating SSL certificates correctly_. This is incredibly bad
-- uninstall this software immediately.

~~~
babawere
It's bad enough because this was bundled with Comodo Internet Security (
[https://help.comodo.com/topic-72-1-451-6840-.html](https://help.comodo.com/topic-72-1-451-6840-.html)
and
[https://help.comodo.com/topic-169-1-413-6109-.html](https://help.comodo.com/topic-169-1-413-6109-.html)
)

~~~
unluckier
Neither of those links implies that PrivDog is bundled with those apps. It just
mentions it as something you can download.

 _Edit_ : Just re-read the linked document. Yes, it does indicate that it's an
install-time option. However, I've yet to see confirmation that Comodo
software comes bundled with the SSL-intercepting version of PrivDog.

~~~
shiftpgdn
It auto-installs via nagware however.

------
ynhckernws
Waited and it's fixed, and ran the test: "Good, you seem not to trust the
Superfish CA. Also no other SSL-disabling product was detected on your system."
with PrivDog installed. No need to uninstall it. Sometimes give it 24 hours
from when uncovered and things are fixed after releasing the info. For those
that said remove immediately, well, you can reinstall it now; for those that
waited like me, good job, as I wasn't using my PC when the report was
posted/then the app was updated.

------
ynhckernws
Made the BBC:
[http://www.bbc.com/news/technology-31586610](http://www.bbc.com/news/technology-31586610)
Update: "The issue potentially affects a very limited number of websites," the
firm said in a statement.

"The potential issue has already been corrected. There will be an update
tomorrow(2/24/2015), which will automatically update all 57,568 users of these
specific PrivDog versions."

Ad-blocking software is 'worse than Superfish'

The software was created by the founder of security firm Comodo

Researchers have identified a fresh threat to the way consumers interact with
websites, this time from software designed to block advertisements.

PrivDog has been found to compromise a layer of the internet known as Secure
Socket Layer (SSL) - used to safeguard online transactions.

It follows the discovery of a similar problem with Superfish, software pre-
installed on some Lenovo computers.

PrivDog said that its issue might compromise more than 57,000 users.

"The issue potentially affects a very limited number of websites," the firm
said in a statement.

"The potential issue has already been corrected. There will be an update
tomorrow, which will automatically update all 57,568 users of these specific
PrivDog versions."

PrivDog - a tool designed to block ads and replace them with ones from
"trusted sources" - joins a growing list of software affected by related
security flaws.

Experts say they have uncovered a further dozen examples since Superfish was
brought to the public's attention last week.

Superfish was designed to help users find products by visually analysing
images on the web to find the cheapest ones.

But it compromises security by intercepting connections and issuing fake
certificates - the IDs used to identify websites - to trick sites into
handing over data. This is a practice commonly known as a man-in-the-middle
attack.

Lenovo has since issued a tool to allow users to remove the hidden software.
It now faces legal action from a group of users who say that it acted
unlawfully in pre-loading it.

Shocking

PrivDog has been described by several experts as being "worse than
Superfish".

A particular concern is its links to the security firm Comodo, which issues a
third of the secure certificates used on the web.

PrivDog was developed by the founder of Comodo, Melih Abdulhayogulu, and some
versions of it are packaged with Comodo's own software.

But Comodo told the BBC that the affected versions "had never been
distributed" by it.

A discussion begun on the Hacker News forum first uncovered that in the
process of swapping adverts, PrivDog also appeared to leave machines
vulnerable to attack.

In a blogpost freelance technology journalist Hanno Boeck explained: "A quick
analysis shows that it doesn't have the same flaw as Superfish, but it has
another one which arguably is even bigger."

"PrivDog is in every sense as malicious as Superfish," added Simon Crosby, co-
founder of security firm Bromium.

"It intercepts and decrypts supposedly secure communication between the
browser and a remote site - such as the user's bank - ostensibly to insert its
own advertising into pages in the browser.

"It is substantially more scary, though, because PrivDog effectively turns
your browser into one that just accepts every https certificate out there
without checking its validity, increasing vulnerability to phishing attacks,
for example."

User privacy

Last week Comodo announced that it had become the number one
digital certificate authority in the world, with its products used by nearly
35% of all websites ending in .com.

"They are one of the leading certificate authorities, and the fact that
PrivDog is issuing fake certificates is shocking," said Marc Rogers, principal
researcher at security firm CloudFlare.

In a blogpost written at the beginning of 2014, Mr Abdulhayogulu said that he
had developed PrivDog "with the privacy of the user in mind".

"Isn't it great that the company whose DNA is about your security makes more
money so that they can continue to innovate and invest in products that make
you safer," he wrote at the time.

Parental controls

Security experts have identified a growing list of software
that appears to interfere with SSL.

Most of the products were developed by security firms, said Mr Rogers.

They include anti-malware software and tools designed to offer parents more
control over their children's web browsing.

All can be traced back to Komodia - technology developed by an Israeli firm,
which describes itself as a "SSL hijacker".

At the time of writing, Komodia's website was offline. It blamed this on a
denial-of-service attack prompted by "recent media attention".

------
ryanlol
Maybe. Export the cert and post it.

