
Extracting the SuperFish certificate - robin_reala
http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html
======
Kronopath
Question for the more legally-minded among us: Can Lenovo face consequences
over this? I mean, they deliberately crippled the security systems of their
consumer goods, presumably without properly notifying their customers. That
sounds like the kind of thing a company could, or should, get sued for.

~~~
rlpb
AIUI, the only people who could claim damages in a civil suit are ones that
could demonstrate actual costs as a consequence for Lenovo's action.

Maybe the cost of a security audit required as a consequence of this issue
might qualify - I don't know. But there would have to be actual costs
involved.

~~~
tomp
> AIUI, the only people who could claim damages in a civil suit are ones that
> could demonstrate actual costs as a consequence for Lenovo's action.

So, basically what you're saying is that I can secretly take nude photos of
you (when you're _not_ in a public place), and "enjoy" them (in whichever
manner) but not share them with the public, and you can't sue me _unless_ you
can demonstrate my actions actually cost you money?

~~~
rlpb
In general, that's correct.

However, depending on your jurisdiction that may be a crime. In that case, I
or the state might be able to prosecute you under criminal law. I don't
generally understand that to be within the meaning of "sue" though. And, again
in general, criminal conviction leads mainly to punishment rather than
reparations to the victims.

Oh, and exceptionally, if I'm your "model" then without me signing an
appropriate release I own copyright on your photos, so I may be able to sue
you for losses (probably to the value of you buying an equivalent market-rate
DVD or something).

~~~
tomp
> if I'm your "model" then without me signing an appropriate release I own
> copyright on your photos

You sure about that? AFAIK the copyright is with the creator, i.e. the
photographer. Model release is required only for privacy purposes, not for
copyright.

~~~
sib
That is correct, at least in the USA. Photog owns the copyright upon creation.
Model release is required for (certain) uses in publication, but not all - for
example, newspapers do not have to get model release from people in
photographs used for editorial purposes.

------
hurin
So while individuals have been charged with numerous hacking charges and
potentially decades in jail time for mundane things, such as obtaining plain
text info and port scans.

Lenovo which actually facilitated breaking ssl security on all of their
customer computers is going to get away scot-free?

~~~
crisnoble
It is more likely that Robert Graham will be charged for "Unlawfully guessing
a password and talking about it"

~~~
kevin_thibedeau
"Ladies and gentlemen of the jury. We will show you how the defendant used the
notorious hacker tool known as 'strings' to facilitate his vendetta against
Lenovo."

------
Shank
There's an ongoing discussion with some members of the Chrome team on Twitter
involving whether or not they should revoke the cert:
[https://twitter.com/matthew_d_green/status/56843703790644428...](https://twitter.com/matthew_d_green/status/568437037906444288)

~~~
higherpurpose
[https://twitter.com/agl__/status/568443835841261569](https://twitter.com/agl__/status/568443835841261569)

Thanks for making HTTPS non-mandatory in HTTP/2, IETF!!

~~~
nickysielicki
That is fucking infuriating. What was their reasoning for removing it?

[http://lists.w3.org/Archives/Public/ietf-http-wg/2013OctDec/...](http://lists.w3.org/Archives/Public/ietf-http-wg/2013OctDec/0625.html)

> To be clear - we will still define how to use HTTP/2.0 with http:// URIs,
> because in some use cases, an implementer may make an informed choice to use
> the protocol without encryption. However, for the common case -- browsing the
> open Web -- you'll need to use https:// URIs and if you want to use the
> newest version of HTTP.

Someone explain to me when "an informed choice" would ever come to the
conclusion of, "Encryption? Not Necessary!"

~~~
xg15
Localhost connections? Watching your own traffic on a LAN for debugging
purposes?

~~~
spb
Exactly. HTTPS is for the public-facing Nginx proxy. No reason to require a
cert to encrypt traffic on the internal bridge to the app.

~~~
nickysielicki
No reason?

[https://plus.google.com/+BrandonDowney/posts/SfYy8xbDWGG](https://plus.google.com/+BrandonDowney/posts/SfYy8xbDWGG)

------
snsr
Looks like Superfish (and Lenovo) are using this malware -

[http://www.komodia.com/products/komodia-redirector/](http://www.komodia.com/products/komodia-redirector/)

~~~
qzw
Yeah, they even have a page specifically geared toward people who want to use
it for ad injection:

[http://www.komodia.com/ad-injection-sdk/](http://www.komodia.com/ad-injection-sdk/)

Edit: spelling

~~~
robin_reala
That page is scary reading. They’re actively selling their product as
resistant to AV software and warning that it might be targeted by
Google/Microsoft in the future.

~~~
markbnj
Yep, I was just thinking the same thing. Pretty horrifying to read "The SDK
has anti virus capabilities and each compiled version generates a totally new
version" and realize that a major PC OEM knowingly installed this on new
systems. It's malware in every sense of the word.

~~~
PhantomGremlin
No honor among criminals. They also:

    
    
       Actively remove global proxy injected JS by
       either removing the JS from HTML or blocking
       the requests to the ad server.
    

So if someone else injects JS, they remove it before injecting their own.

------
jere
This is incredibly interesting. I was like cheering at this point:

>I could just use the file super.txt as my dictionary!

------
samsk
There is a way how to identify MITM on HTTPS connection. If you are using SSL
cert authentication via HTTPS, then it stops working, because browser (at
least my FF) will not know that it should send a client cert to server and you
can not 'login' (not analyzed it deeply)...

I discovered it when I've bought Lenovo Yoga2 Pro in December, and I could not
login to my site that is using SSL cert authentication. Google then
recommended me to remove SuperFish...

~~~
captn3m0
I think what you are referring to is Cert Pinning.

[1]: [http://security.stackexchange.com/questions/29988/what-is-ce...](http://security.stackexchange.com/questions/29988/what-is-certificate-pinning)

~~~
rchowe
I believe the intent of the parent poster was actually correct. SSL client
certificates [1] are a way to securely authenticate (i.e. login) by using a
certificate which you control the key to in addition to the normal SSL
certificate for the website.

An over-simplified example: if Alice (A), a client with web browser on a
compromised computer, wants to access the BigCorp website (B) she sends a
challenge, such as a random string, to B, and B sends back the challenge
encrypted with the BigCorp SSL certificate. Alice's browser verifies that the
signature corresponds to a valid certificate, which it does because BigCorp's
certificate is legitimate and signed by a legitimate CA, and then Alice's web
browser and the web server negotiate a session key to use for SSL.

If we introduce an attacker, Eve (E), to this, who has the key to a trusted
certificate on Alice's machine, Eve can intercept Alice's original challenge
and send back an answer to that using the trusted certificate, which Alice
thinks is genuine because the certificate is valid in her browser. This is
where certificate pinning helps, since if Alice has visited the site before,
the certificate does not match and she gets an error. After the negotiation,
Eve then has a session key to both A and B, and any data that A sends, Eve
decrypts and re-encrypts with the session key for B, passing it seamlessly
onto B, and vice versa for traffic going the other way.

SSL client certificates break for a MITM attack for a different reason. When
Alice is using an SSL client certificate to authenticate herself, she has her
own certificate on her machine which she knows the private key to (it can even
be self-signed). The web server knows Alice's public key (stored like a
password hash in a database), and can therefore perform a similar challenge
for Alice. When Eve intercepts this challenge, she cannot send a valid
response back to the server, as the only valid key for Alice's account is
stored on Alice's computer. Therefore, sites that let you sign in with an SSL
client certificate often just stop working when you are being MITM'd.

[1] [http://www.symantec.com/connect/blogs/client-certificates-vs...](http://www.symantec.com/connect/blogs/client-certificates-vs-server-certificates-what-s-difference)

------
joelthelion
I hope the people in IT departments who like to pretend things like Websense
or Cisco Web Security are good things are reading this.

~~~
jjarmoc
I've been hoping for years people would wake up to the risks of these things.

I presented on the topic at Blackhat Europe a few years back, where I
disclosed several certificate validation flaws in Cisco Ironport. I understand
there's legitimate reasons for enterprises to want to decrypt and inspect TLS
connections, but it's not without its risks and downsides.

If you're curious about my past work, see:
[http://www.secureworks.com/cyber-threat-intelligence/threats...](http://www.secureworks.com/cyber-threat-intelligence/threats/transitive-trust/)
[http://media.blackhat.com/bh-eu-12/Jarmoc/bh-eu-12-Jarmoc-SS...](http://media.blackhat.com/bh-eu-12/Jarmoc/bh-eu-12-Jarmoc-SSL_TLS_Interception-Slides.pdf)

~~~
userbinator
Good set of slides. Companies are more likely to be afraid of the other risk,
which is why SSL interception is used - when malware makes use of it to avoid
detection.

Security cuts both ways. I think the most important point is that the user
should be in control of the traffic, which means knowing whether or not
interception is being used.

~~~
jjarmoc
Yeah, it's a balancing act, and there's certainly a desire (and probably even
a legitimate need) to monitor encrypted comms for malware C&C channels, data
exfiltration, etc.

Your view seems to reflect a similar nuance as my own. Administrators need to
weigh the risks and benefits as it relates to their own environment, and users
should at least be aware that such monitoring is taking place. Beyond that,
there's some technical challenges, but I see the bigger issues as political
and expectation vs. reality alignment.

There's also a video of my talk online, which I'd honestly forgotten about.
Maybe someone will find it interesting;
[https://www.youtube.com/watch?v=7TNdHzwTNdM](https://www.youtube.com/watch?v=7TNdHzwTNdM)

------
soheil
Interesting, from komodia's website:

"Barak Weichselbaum founded Komodia, Inc. in 2000, following his military
service as a programmer in the IDF’s Intelligence Core."
[https://twitter.com/idfspokesperson](https://twitter.com/idfspokesperson)

~~~
rdsnsca
The only way to get out of being drafted in Israel is to be pregnant.

No way out for a male.

~~~
fny
Not true. Certain cultural groups (e.g. orthodox, Arabs, Druze) and others are
exempted:
[http://en.wikipedia.org/wiki/Exemption_from_military_service...](http://en.wikipedia.org/wiki/Exemption_from_military_service_in_Israel)

------
plorg
I was just browsing some pages on the Lenovo forums where users were
complaining about SuperFish (some from January, one updated complaint from
today). I refreshed a page and received a message stating that the forums are
down for maintenance. Either this is damage control or the forum provider
(Lithium?) was ill-provisioned for the current level of traffic.

------
mmastrac
The key is on Github now:

[https://gist.github.com/mathiasbynens/7a13a467b22c42505490](https://gist.github.com/mathiasbynens/7a13a467b22c42505490)

~~~
bigiain
And, you'd have to assume, in at least private versions of metasploit and wifi
pineapple already...

------
annnnd
Question: how does it work if user goes to the page which has invalid / self-
signed certificate? Does proxy sign the altered page with the same certificate
as others, thus making the warning go away? This would leave you open to other
parties' MITM attacks too (because warnings are silently ignored).

Or do they leave the page intact if the page certificate is not legit?

~~~
xnyhps
Assuming, from the password, that it uses "SSL Digestor" by Komodia, then yes,
it should generate an invalid cert:

[http://www.komodia.com/wiki/index.php?title=SSL_Digestor#Cer...](http://www.komodia.com/wiki/index.php?title=SSL_Digestor#Cert_creation)

------
geococcyxc
If the private key/certificate really is the same for every installation of
superfish, it would be interesting to investigate whether the key is
shared by all the other customers of the SSL interceptor as well. Their
references mention Barracuda Networks and Astrill, for example.

~~~
danielweber
As someone who used to work for a Barracuda competitor and would love to spill
some hot soup on them, I'm very confident in saying: no way. Even if they were
dumb and incompetent enough for this (they aren't), enough of their customers
are savvy enough to demand they change it.

------
namesty
If you are a developer and want to disable superfish on your site, follow the
instructions here: [http://glipdev.github.io/](http://glipdev.github.io/)

We discovered this a few months ago after customers with Lenovo laptops were
complaining that our site wasn't working for them.

~~~
michaf
So you could MitM between superfish and the internet, insert

<meta name="superfish" content="nofish">

and everything is all right ;-)

~~~
namesty
Hah exactly!

------
nailer
Why would they voluntarily distribute their own private key?

~~~
nothrabannosir
It's a local proxy, meaning the certificate needs to be deployed locally.

~~~
nailer
Ah - I'd assumed they had a box in China somewhere that was MITMing and
injecting the ads. Thanks.

~~~
mahouse
Taking away the legal aspect, that would be incredibly slow and easily
noticeable.

~~~
sillysaurus3
It wouldn't delay the page load time, so it doesn't seem like it would be slow
or very noticeable. As a user, at most you'd notice ads popping up a few
seconds after the page loaded. But users without adblock are used to such
things. And as long as the adware reserves a blank space on the page to
display ads, the ads won't mess with the layout of the page when they load.

EDIT: Why has this been downvoted twice? It's absolutely correct.

It's a strange day when you post something unambiguously true to HN and it
gets summarily downvoted.

The only part that isn't unambiguously true is that "most users without
adblock are used to such behavior already." But I stand by that phrase,
because "most users" are people who understand almost nothing about
computers.

Remember, downvotes are reserved for trolls and people you disagree with, not
something which you think is "maybe untrue but I don't know whether it's
true." I've complained in the past about having to write epic edits because
people don't follow this so I have to explain myself further.

Maybe you want more explanation about how precisely the above MITM would work?
Here's how: The page loads. This completes normally, and the user doesn't see
anything differently. In the meantime, Superfish reads the network traffic
that has loaded. It also has injected some javascript in order to reserve a
spot on the page to display ads. This would be a big blank space where the ads
go after they load.

Now the network traffic is sent off to China or wherever. It's analyzed on a
server, then the server sends back commands to Superfish about what to do,
like "Display ad 91234128 at X,Y spot on the webpage."

The total roundtrip time would be no more than a few seconds. China isn't the
moon. Half the speed of light is fast.

~~~
jsmthrowaway
Thank you for the lecture on downvotes. You are 100% wrong because we are
discussing the presence of the private key. Your scenario imagines an
intelligent proxy that interacts with China intelligently. In that scenario
the private key remains on the end user machine to enable low latency as you
describe. The upthread poster presented the scenario wherein the key is not
distributed on end user machines for security reasons, but that then means the
key must live on the theoretical server in China (otherwise how else would you
encrypt a connection against your certificate), which would require passing
the entire TLS connection through that server to perform the MITM.

This subthread is about private key distribution. It's really poor form for
you to react to being downvoted (as legitimately wrong) by lengthening your
comment by a factor of 5 and lecturing people about downvotes.

~~~
sillysaurus3
No, you don't need to pass the TLS connection to China to perform an MITM.
Superfish would generate a cert at installation time, unique to the specific
user that was being targeted. The channel back to China would be protected by
TLS too, but it wouldn't be MITM'able by anyone except Superfish HQ, unless
they lose their private key.

I disagree that it's poor form to react to downvotes when they're wholly
unjustified. Maybe I did a bad job explaining myself. In that case, I should
explain myself better. That's a positive thing, not a negative. Reddit has
this stupid trope like "Complaining about downvotes? That's a paddlin'." Which
if you think about it is just a self-reinforcing culture of bandwagoning. But I
imagine that this is now entirely offtopic and boring, so let's focus on the
tech.

~~~
jsmthrowaway
Again, irrelevant. This thread isn't "sillysaurus3 imagines how he would
implement the perfect proxy," it's correcting an assumption about the actual
existing proxy. I suggest if you want to pursue your off topic study of how to
implement a proxy that doesn't introduce latency while performing the
functionality, you do it elsewhere.

You should also read the HN guidelines before explaining downvote etiquette to
me, because they will surprise you, apparently.

~~~
sillysaurus3
Why should I do it elsewhere? This is a thread about an interesting tech
topic, and maybe some people might find that aspect interesting. This is the
last comment I'm going to write to you because this is now wholly
uninteresting to readers. I'll never understand this mindset of "Oh, well,
there might be a misunderstanding here, but rather than clarify it calmly and
rationally, I'll take this as a license to be angry and mean."

Who cares if someone thought that the proxy was going to work like X, but it
turned out to work like Y? What matters is that if it can work like Z, then Z
should be pointed out, especially if it enables some interesting aspect that
people previously hadn't noticed. Anyway, you've successfully killed the fun
of HN for me for the day, so see you later.

~~~
jsmthrowaway
It says a lot about you that you think a calm explanation of your downvotes,
as you are plainly in hysterics over them, is me being angry and mean. I meant
elsewhere in the thread. You corrected someone who was correcting someone
else, and you were wrong about the spirit of your correction. I was calmly
suggesting that if you want to think through such a hypothetical you shouldn't
do it as a misplaced correction.

You really need to unplug for a bit. I'm dead serious.

~~~
sillysaurus3
Okay, I see. Thank you for the explanations. You're probably right.

EDIT: Yeah, I was being an idiot. Thanks for the reality check.

------
driverdan
I'm surprised hashcat doesn't support PEM files and there doesn't seem to be
any public GPU based cracker.

------
jessaustin
Is it good or bad that they made no attempt at all to obfuscate the cert and
password? I mean, obviously this whole stupid MitM attempt is stupid, but by
leaving this stuff totally in the clear, can they claim to have done all this
out of stupidity rather than out of a callous disregard for the security of
their customers?

~~~
xnyhps
They added a password to the private key which they didn't have to, so it's
not true that they didn't attempt to obfuscate it at all. In practice that
only bought them a couple of hours at most, but why add a password unless
you're trying to stop people from using it?

~~~
mikeash
If you subscribe to the idea that you shouldn't assume malice when stupidity
suffices, maybe the programmer in question just saw somewhere that it's good
practice to use a password on private keys, and didn't understand why you do
it or how it helps.

~~~
jessaustin
Yeah that's another point for the "don't blame us because we're stupid"
argument. They're actually _so_ stupid that they use a password, that's
_stored in the same place as the cert_. If they used any of the standard anti-
reversing techniques, that would have implied enough sophistication to be
expected to know how TLS certs work, thus enough sophistication to know to
just generate new certs on first use. One would have expected Komodia to make
this automatic for their poor stupid customers, however.

------
gaia
Anyone up for decoding the cert used by GoGo Inflight WiFi Service?

[https://www.techdirt.com/articles/20150105/09344429597/gogo-...](https://www.techdirt.com/articles/20150105/09344429597/gogo-inflight-wifi-service-goes-man-in-the-middle-issues-fake-google-ssl-certificates.shtml)

~~~
moyix
This is not likely to be possible. Rob Graham was able to do it for Superfish
because the SSL interceptor resides on the same machine as the browser,
meaning that the private key is accessible to anyone who installs Superfish.

By contrast, the GoGo interceptor is going to be a computer somewhere either
on the plane or possibly on the ground (at some GoGo data center), meaning
that its private key isn't accessible unless you can somehow gain access to
the interceptor system.

------
tn13
I think there is one more party involved here that no one talks about.
Microsoft! Sooner or later Microsoft will have to reconsider their partnership
with hardware manufacturers such as Lenovo for consumer products.

Too much of choice and too much of competition has made consumer PC laptops
shopping an unpleasant experience. Windows Surface Pro 3 however is an amazing
device. In my opinion Microsoft should now come with their own laptops made by
MS well integrated with Windows Phones, Xbox and Band.

------
cheesedoodles
Keller Rohrback L.L.P is taking the opportunity to get in the spotlight by
investigating possible claims [0][1]. Would be interesting to see how it
evolves.

Looking at Komodia's webpage, Lenovo could have a hard time defending that they
did not know about its possible SSL interception. Failing to understand the
impact is Negligence, at least. I would argue that decrypting the traffic is
as intended by Lenovo.

[0] [http://www.businesswire.com/news/home/20150219006362/en/Kell...](http://www.businesswire.com/news/home/20150219006362/en/Keller-Rohrback-L.L.P.-Investigating-Superfish-Adware-Lenovo)

[1] [http://www.krcomplexlit.com/index.asp?N=attorneys-Seattle-WA...](http://www.krcomplexlit.com/index.asp?N=attorneys-Seattle-WA-Lenovo%27s-Superfish-Malware&C=517&P=12472)

edit: added original source

------
NanoWar
Funny how I just bought a Lenovo yesterday, then read about this MitM issue
and today it's cracked :-/

~~~
Someone1234
To be honest if you purchased a consumer grade Lenovo machine then malware is
the least of your concerns. That thing will be a paper weight within a year.

They're like the "Gateway" laptops of yesteryear. Thinkpad is still "fine" but
Lenovo's consumer stuff is utter junk of the highest order.

Source: Worked at a startup which purchased consumer laptops (shudder). Asus
were "fine," Acer/Dell was "ok," Lenovo were horrifying, only being beaten by
an unbranded laptop we had.

So I'd highly recommend avoiding Lenovo's stuff unless it is a Thinkpad.

~~~
seansm
What about Toshiba's

~~~
vacri
Not sure about current practices, but their support here in Australia was
awful in the late 2000s. They wouldn't even talk to you on the phone unless
you fronted $55. "All I want to ask is if you have online documentation and
where, I don't want troubleshooting" -> Nope, $55 before we answer that. Screw
supporting that model.

------
soheil
Can anyone verify if this is also on Chromebook? I just noticed today after I
did a google search on my girlfriend's laptop, a few seconds later a section
appeared called "Visual Results" she has the Chromebook Toshiba 1080p. This
would be insane if in fact it is the same MiTM.

------
benmmurphy
Are Google or other browser vendors looking at ways of combatting this in the
future? Would it be a massive privacy invasion to send back root cert details
to the browser vendor so they can identify suspicious root certificates?

It might be nice for browsers to flag locally installed root certificates and
give some kind of visual indication to users but I'm not even sure how easy
this is to do because a lot of browsers use the system roots and don't control
the roots directly. It's easy to identify the extra certs when you control the
original roots.

Also, apparently this doesn't go down too well with corporate users who want to
install extra private roots for internal services or for MITM.

~~~
nugget
If Chrome implemented better cert checks, Lenovo (or anyone else) could just
install their own version of ''Chromium, enhanced by Superfish'' for users and
push them there instead. Who do we turn to then, Microsoft? (No thanks.) The
party at fault here is Lenovo; I would be cautious to blame the tools they
used. Also keep in mind there are many white hat uses for MITM SSL packet
manipulation. If you lock down all the tools, pretty soon you end up with a
walled garden controlled by very few parties (who then pull crap like this in
the end anyway, with slightly better spin/PR).

------
opinali
I hope tons of other computers, not just Lenovo's, that have Superfish will
also be using the same certificate that's now compromised. Need more shit in
the fan toward these guys.

------
halayli
Unless I am missing something, the only traffic you can decrypt is between the
browser and the proxy which is localhost, not the proxy and the
website (traffic you see on the wire).

------
omnibrain
It will be interesting to see where (and in which applications) this
particular cert shows up now people start looking for it.

------
weld
Looks like the technology used by Superfish is SSL Digestor by Komodia.com

------
passfree
Well done :)

------
jkot
Move along, nothing to see here. Lenovo said there are no security concerns.

------
SixSigma

        | sort | uniq > super.dict
    

why not

    
    
        | sort -u > super.dict

~~~
Gravityloss
Easier to remember?

You have to remember switches for every command, while commands like sort only
need to be remembered once.

------
sbi
What charming casual racism. "It's pretty ghetto" ... "The ghetto way is just
to run this on a machine" ... "The ghetto reversing is to run strings."

~~~
antsar
Racism? Webster's definition[0] of ghetto (and that of any other respectable
dictionary) makes no reference to any particular race. Would the phrase "the
poor man's solution is to run strings" also be racist, by your logic?

[0] a part of a city in which members of a particular group or race live
usually in poor conditions; the poorest part of a city

~~~
sbi
Webster's Dictionary does not discuss the pejorative use of the word "ghetto"
and in any case is not an arbiter of racism.

~~~
random_pr
Well I'm glad that you seem totally qualified to be our great arbiter of
racism. What would we do without you?

------
sergiotapia
And people scoff at the idea of buying an Apple laptop.

Lenovo used to be championed around as the best competitor because of its
hardware, but this comes to light: What do you say to that? For the past 5
years Apple has had the best laptops in the world hands down.

~~~
reitanqild
Except quite a few of us can't stand them for various reasons:

* the os does not feel practical (menu bar on only one screen? No universal home/end? No universal way to jump/select words like (ctrl + ->, ctrl + shift + -> on Windows and Linux))

* non-standard keyboard layout, no way to adjust it (specifically fn/end)

Mind you, I am a fan of Macs and recommend friends trying them but I don't
want one as long as I cannot afford one laptop for work and another for photos
and stuff.

(btw: I didn't downvote you)

~~~
exogen
FWIW, OS X has a menu bar on every screen since 10.9, and you can indeed
jump/select words, just substitute Option in place of Control (always been
that way AFAIK).

What's "the standard" keyboard layout? Looking forward to that one. :)

~~~
reitanqild
> FWIW, OS X has a menu bar on every screen since 10.9,

Good. About time should we say? I left Apple three years ago.

> and you can indeed jump/select words, just substitute Option in place of
> Control (always been that way AFAIK).

Except if you use another application, then you have to use CMD or fn. But
careful, cause in a third application that is a substitute for home/end.

> What's "the standard" keyboard layout? Looking forward to that one. :)

It's easier to tell when someone breaks it:

* Adding shortcut keys on the sides of the keyboard so that I end up starting 5 calculators. (my wife's hp compaq)

* Not putting ctrl in the lower left corner, nor letting me remap it, causing frustration every time I move from the full size Apple keyboard to the laptop or between almost any other machine and a Macbook. (Some thinkpads fail here but at least then you can change it in bios.)

* not having home and end keys nor any consistent way of replacing them.

Again I'm an Apple fan and I am happy that they saved us from older Windows
phones but it is not for everyone.

------
im2w1l
> [strings] is an ancient (mid-1980s) program that simple extracts human
> readable strings out of a binary file, discarding the rest. It's really a
> stupid simple program.

No it isn't.

[http://lcamtuf.blogspot.se/2014/10/psa-dont-run-strings-on-u...](http://lcamtuf.blogspot.se/2014/10/psa-dont-run-strings-on-untrusted-files.html)

~~~
Someone1234
No it isn't, what?

Nothing he said discounts what you added. You should have just said "be
careful with strings" and linked your link, rather than making some vague hand
waving correction which wasn't...

~~~
im2w1l
It isn't a dumb and simple program. It does a lot of complicated stuff under
the hood, and it is good to be aware of that.

~~~
geofft
It's not a complicated thing it does at all: it uses the standard system
facilities for opening an object file to scan through the data section instead
of the entire file. In the '80s, it used a.out format, which was dead simple.
Today, GNU strings uses the GNU libbfd library, which is quite a bit more
complicated, although the fundamental process of parsing an ELF file is also
not that complicated.

The actual problem here is that such a dumb simple task as parsing an ELF file
isn't something you'll do without vulnerabilities, if you're not paying
attention to vulnerabilities. Run `man elf` on your favorite Linux system, and
you'll see docs of <elf.h>, which you can use to read ELF files. Write
something to just dump the text section -- it shouldn't take you more than
like 30 lines of C. Then tell me how many integer overflows you managed to
squeeze in those 30 lines. :)
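
A bounds-checked take on the exercise described in the comment above, added here as an example and not code from the thread or from GNU strings: it locates a named section in an in-memory ELF64 image using `<elf.h>` and rejects header values that would make `offset + size` wrap. The names `in_bounds`, `find_section` and `build_sample` are this example's own, the sample image is constructed inline, and a little-endian Linux host is assumed.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* True only if [off, off+size) fits in len bytes. Never computes
 * off+size, which wraps around for hostile 64-bit header values. */
static int in_bounds(uint64_t off, uint64_t size, size_t len)
{
    return off <= len && size <= len - off;
}

/* Find section `name` in an in-memory little-endian ELF64 image.
 * Returns 0 and sets *out, *out_len; returns -1 on malformed input. */
int find_section(const uint8_t *buf, size_t len, const char *name,
                 const uint8_t **out, size_t *out_len)
{
    Elf64_Ehdr eh;
    Elf64_Shdr str, sh;

    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);          /* copy out: buf may be unaligned */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_ident[EI_DATA] != ELFDATA2LSB) return -1;
    if (eh.e_shentsize != sizeof sh || eh.e_shnum == 0) return -1;
    /* e_shnum is 16-bit so the product is small; e_shoff is attacker-sized. */
    if (!in_bounds(eh.e_shoff, (uint64_t)eh.e_shnum * sizeof sh, len)) return -1;
    if (eh.e_shstrndx >= eh.e_shnum) return -1;

    memcpy(&str, buf + eh.e_shoff + eh.e_shstrndx * sizeof sh, sizeof str);
    if (str.sh_type != SHT_STRTAB || !in_bounds(str.sh_offset, str.sh_size, len))
        return -1;

    for (size_t i = 0; i < eh.e_shnum; i++) {
        memcpy(&sh, buf + eh.e_shoff + i * sizeof sh, sizeof sh);
        if (sh.sh_name >= str.sh_size) return -1;   /* name outside table */
        const char *s = (const char *)buf + str.sh_offset + sh.sh_name;
        if (!memchr(s, '\0', str.sh_size - sh.sh_name)) return -1; /* no NUL */
        if (strcmp(s, name) != 0) continue;
        if (sh.sh_type == SHT_NOBITS) return -1;    /* occupies no file bytes */
        if (!in_bounds(sh.sh_offset, sh.sh_size, len)) return -1;
        *out = buf + sh.sh_offset;
        *out_len = (size_t)sh.sh_size;
        return 0;
    }
    return -1;
}

/* Constructed sample: a minimal ELF64 image with a 4-byte .text section.
 * Layout: header at 0, .text at 64, .shstrtab at 68, section table at 88. */
size_t build_sample(uint8_t *buf, size_t cap)
{
    static const char names[] = "\0.text\0.shstrtab";   /* 17 bytes with NUL */
    Elf64_Ehdr eh = {0};
    Elf64_Shdr sh[3] = {{0}};
    const size_t text_off = sizeof eh, str_off = text_off + 4, sh_off = 88;
    const size_t total = sh_off + sizeof sh;

    if (cap < total) return 0;
    memset(buf, 0, total);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_REL; eh.e_machine = EM_X86_64; eh.e_version = EV_CURRENT;
    eh.e_ehsize = sizeof eh; eh.e_shentsize = sizeof sh[0];
    eh.e_shoff = sh_off; eh.e_shnum = 3; eh.e_shstrndx = 2;
    sh[1].sh_name = 1; sh[1].sh_type = SHT_PROGBITS;
    sh[1].sh_offset = text_off; sh[1].sh_size = 4;
    sh[2].sh_name = 7; sh[2].sh_type = SHT_STRTAB;
    sh[2].sh_offset = str_off; sh[2].sh_size = sizeof names;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + text_off, "\x01\x02\x03\x04", 4);   /* placeholder bytes */
    memcpy(buf + str_off, names, sizeof names);
    memcpy(buf + sh_off, sh, sizeof sh);
    return total;
}

int main(void)
{
    uint8_t img[512];
    const uint8_t *p; size_t plen, n = build_sample(img, sizeof img);
    Elf64_Shdr bad;

    printf(".text lookup: %d\n", find_section(img, n, ".text", &p, &plen));
    /* Hostile header: 64 + (2^64 - 11) wraps to 53, which a naive
     * `sh_offset + sh_size <= len` test would accept. */
    memcpy(&bad, img + 88 + sizeof bad, sizeof bad);
    bad.sh_size = UINT64_MAX - 10;
    memcpy(img + 88 + sizeof bad, &bad, sizeof bad);
    printf("after corrupting sh_size: %d\n", find_section(img, n, ".text", &p, &plen));
    return 0;
}
```

Extended section numbering (`e_shnum == 0`, `SHN_XINDEX`) and big-endian or 32-bit files are rejected rather than handled.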

------
kazuho
While the blogpost is interesting, I am skeptical of the author's claim that
the recovered private key may be used for decrypting user data transmitted
over the wire, since private keys cannot be used for encrypting data sent to
somebody else.

What it can all do by itself is to decrypt data sent from others, or to
digitally sign some data.

I would suspect that the bundled private key was used for digitally signing
data to show that it was actually generated by the software. The approach is
not perfect (since the private key may get decrypted as the author did), but
in general it would work effectively for kicking out third party software.

If the developer's intention was to encrypt the data transferred through the
public network, then he/she should have used TLS with server-side
authentication, with optionally using clear-text credentials transmitted over
the encrypted channel to authenticate the software (e.g. basic authentication
over HTTPS).

If it gets proved that private information could be decrypted from data
transmitted over the public network by using the recovered private key, then
this would be an interesting case of misusing public-key cryptography.

~~~
kazuho
why minus votes?

~~~
maxerickson
Because you've misunderstood the situation.

There's no doubt that this key can be used to man in the middle user
connections, that's what the software it was extracted from is using it for.

~~~
kazuho
Thank you for the comment.

I think you did not understand my comment.

It is true that the software is used for MITM. It is true that _Superfish_ is
in the middle, decrypting the communication.

OTOH the author claimed that it might be likely for _others_ as well to
possibly MITM the communication, by using the recovered key. My comment is
that such a situation is unlikely under the premise that the public-key
encryption technology was used correctly (from technical standpoint, not
ethical).

EDIT: Even if it was the case that the recovered private key was used by the
MITM server running locally for communicating with the web browsers, it
wouldn't mean that others could use the key to decrypt data transmitted over
the wire by using the key, since all the communication encrypted by the key
would terminate within the local machine.

EDIT2: Ah sorry, now I understand. The root certificate installed by the
adware was using the recovered private key. That would mean that others can
MITM the communication by DNS spoofing, etc. together with a server
certificate signed with the recovered key.

