Company behind Superfish claims it's under DDoS attack (forbes.com/sites/thomasbrewster)
8 points by thealexknapp on Feb 20, 2015 | 3 comments



> Barak Weichselbaum, Komodia’s founder who was once a programmer in Israel’s IDF’s Intelligence Core

Which makes me wonder: is the MITM mis-feature actually an on-purpose feature? Which would make Lenovo and their other "customers" victims, the real customers or fans being the intelligence services.

> ... its hugely intrusive technology is found in many places on the web, ... in various parental control software, ... in web filter products across the world. ... intercept people’s internet connections, create fake versions of certain websites and steal their data, as long as targets’ computers trust the Komodia certificates ... It means that anyone who has come into contact with a Komodia product, or who has had some sort of Parental Control software installed on their computer should probably check to see if they are affected,” said Jacobs.

Maybe governments' obsession with child protection and porn control is something else entirely.


«Worryingly, it’s very easy to extract and use the encryption key run by Komodia, largely because the password to access all different versions of the certificate is “komodia”.»

No, the problem is that big subsets of affected systems share the same root certificate and private key. How or whether that private key itself is encrypted is less of an issue.


Good.



