

Superfish or Stupidfish? - deitcher
http://blog.atomicinc.com/2015/02/20/superfish-or-stupidfish-2323/

======
danielweber
I don't like how he says the key was "cracked."

The key was sitting there in the binary in plaintext. Any college student with
a few years of Unix tools under his belt could have done it in an hour.

That's how horrible this tool was. Anyone who noticed this months ago could
have been using this key to MITM people.

~~~
orng
Sure, but even though it was easy it still required "cracking". In the
beginning the secret was not known but in the end the 'adversary' was able to
determine the secret. In my mind "cracking" a password or a code refers to
uncovering the secret which is exactly what was done in this case. If the
password would have been brute forced over a couple of days you would probably
call it cracking. The same principle should apply even if you guess the
password to be "password" in the first try.

------
jrochkind1
Awful title, but the first article I've found (and I tried googling) that
actually summarizes what the heck is going on from the ground up. Thanks for
posting.

~~~
deitcher
I write a technology business article a day; darn near impossible to come up
with good titles daily. Still, I'd rather have a good title, then an awful
title, and only last a boring title.

------
johnward
Superphish

------
abluecloud
what an awful title

~~~
shogun21
Awfultitle or Stupidtitle?

~~~
deitcher
I take it back. Lenovo could be even more stupid. Did you see the comments by
their CTO about how their problems are just "theoretical"?

