

Company behind Superfish claims it's under DDoS attack - thealexknapp
http://www.forbes.com/sites/thomasbrewster/2015/02/20/komodia-lenovo-superfish-ddos/

======
a3n
> Barak Weichselbaum, Komodia’s founder who was once a programmer in Israel’s
> IDF’s Intelligence Core

Which makes me wonder, is the MITM mis-feature actually an on-purpose feature?
Which would make Lenovo and their other "customers" victims, the real
customers or fans being the intelligence services.

> ... its hugely intrusive technology is found in many places on the web, ...
> in various parental control software, ... in web filter products across the
> world. ... intercept people’s internet connections, create fake versions of
> certain websites and steal their data, as long as targets’ computers trust
> the Komodia certificates ... It means that anyone who has come into contact
> with a Komodia product, or who has had some sort of Parental Control
> software installed on their computer should probably check to see if they
> are affected,” said Jacobs.

Maybe governments' obsession with child protection and porn control is
something else entirely.

------
OMGWTF
«Worryingly, it’s very easy to extract and use the encryption key run by
Komodia, largely because the password to access all different versions of the
certificate is “komodia”.»

No, the problem is that big subsets of affected systems share the same root
certificate and private key. How or whether that private key itself is
encrypted is less of an issue.

------
Bartholemewl
Good.

