Hacker News new | past | comments | ask | show | jobs | submit login
Is PrivDog another Superfish
25 points by babawere on Feb 22, 2015 | hide | past | favorite | 15 comments
While reading about Superfish, I ran this simple test at https://filippo.io/Badfish/ by visiting the webpage and noticed despite the fact i don't have superfish installed i failed the test and got “Yes, Your connections can be tampered with”.

After quick check on my system, I realized I might have failed the test due to the presence of PrivDog (http://www.privdog.com/) on my system.

Here is a screenshot of Bank of America http://i.imgur.com/pbEFW5X.png

Is this another Superfish?

Did you get Privdog with Comodo Internet Security, if so can you share what version of Comodo Internet Security it was ?

Its came with the version 7 and you can see here https://help.comodo.com/topic-72-1-451-6840-.html it says

You can install PrivDog while installing Comodo Internet Security or by downloading the app from www.privdog.com/downloads.html

I saw the option to install PrivDog while Installing the Comodo Internet Security

It looks like Privdog which was bundled with CIS didn't have the vulnerability (it was an older version of Privdog) but if you downloaded it from the website you would have had the new version (Privdog v3 or later) which would have had the vuln.

If you're running the version of Privdog which came with CIS could you check the version of Privdog ?

Badfish shouldn't have failed for you with the bundled version, but if it did that's probably something that needs to be looked at more deeply.

Actually it is worse than Superfish.

It does TLS MitM, but it doesn't do any verification at all. It just accepts every self-signed cert and replaces it with a cert signed by it's locally installed root cert.

So it completely disables HTTPS protection. Everyone who has this: get rid of it, this is super-dangerous.

Looks like one of those malwares that takes the ads out of a website and replaces them with its own. In order to do this over SSL/TLS it has to use its own certificate—as if that weren't bad enough, you're vulnerable to man-in-the-middle attacks through HTTPS.

Why would comodo promote such a software ???

Apparently security software giants have motives other than security these days.

This really makes me put more faith into microsofts own defender.

There are a bunch of these - check the cert that you're getting from BofA and add a comment here if it's similar:


Yes, it is!

The fact that you're getting this result from the Badfish test page means that Privdog is not validating SSL certificates correctly. This is incredibly bad -- uninstall this software immediately.

Its bad enough because this was bundled with Comodo Internet Security ( https://help.comodo.com/topic-72-1-451-6840-.html and https://help.comodo.com/topic-169-1-413-6109-.html )

Neither of those links imply that PrivDog is bundled with those apps. It just mentions it as something you can download.

Edit : Just re-read the linked document. Yes, it does indicate that it's an install-time option. However, I've yet to see confirmation that Comodo software comes bundled with the SSL-intercepting version of PrivDog.

It auto-installs via nagware however.

waited and its fixed, and ran test: Good, you seem not to trust the Superfish CA. Also no other SSL-disabling product was detected on your system. with PrivDog installed No need to uninstall it. Sometimes give it 24 hours from when uncovered and things are fixed after releasing the info. For those that said remove immediately, well you can reinstall it now, for those that waited like me, good job as I wasn't using my pc when the report was posted/then the app was updated.

Made the bbc: http://www.bbc.com/news/technology-31586610 Update: "The issue potentially affects a very limited number of websites," the firm said in a statement.

"The potential issue has already been corrected. There will be an update tomorrow(2/24/2015), which will automatically update all 57,568 users of these specific PrivDog versions."

Ad-blocking software is 'worse than Superfish'

The software was created by the founder of security firm Comodo

Researchers have identified a fresh threat to the way consumers interact with websites, this time from software designed to block advertisements.

PrivDog has been found to compromise a layer of the internet known as Secure Socket Layer (SSL) - used to safeguard online transactions.

It follows the discovery of a similar problem with Superfish, software pre-installed on some Lenovo computers.

PrivDog said that its issue might compromise more than 57,000 users.

"The issue potentially affects a very limited number of websites," the firm said in a statement.

"The potential issue has already been corrected. There will be an update tomorrow, which will automatically update all 57,568 users of these specific PrivDog versions."

PrivDog - a tool designed to block ads and replace them with ones from "trusted sources" - joins a growing list of software affected by related security flaws.

Experts say they have uncovered a further dozen examples since Superfish was brought to the public's attention last week.

Superfish was designed to help users find products by visually analysing images on the web to find the cheapest ones.

But it compromises security by intercepting connections and issuing fake certificates - the ID's used to identify websites - to trick sites into handing over data. This a practice commonly known as a man-in-the-middle attack.

Lenovo has since issued a tool to allow users to remove the hidden software. It now faces legal action from a group of users who say that it acted unlawfully in pre-loading it.

Shocking PrivDog, has been described by several experts as being "worse than Superfish".

A particular concern is its links to the security firm Comodo, which issues a third of the secure certificates used on the web.

PrivDog was developed by the founder of Comodo, Melih Abdulhayogulu, and some versions of it are packaged with Comodo's own software.

But Comodo told the BBC that the affected versions "had never been distributed" by it.

A discussion begun on the Hacker News forum first uncovered that in the process of swapping adverts, PrivDog also appeared to leave machines vulnerable to attack.

In a blogpost freelance technology journalist Hanno Boeck explained: "A quick analysis shows that it doesn't have the same flaw as Superfish, but it has another one which arguably is even bigger."

"PrivDog is in every sense as malicious as Superfish," added Simon Crosby, co-founder of security firm Bromium.

"It intercepts and decrypts supposedly secure communication between the browser and a remote site - such as the user's bank - ostensibly to insert its own advertising into pages in the browser.

"It is substantially more scary, though, because PrivDog effectively turns your browser into one that just accepts every https certificate out there without checking its validity, increasing vulnerability to phishing attacks, for example."

User privacy Last week Comodo announced that it had become the number one digital certificate authority in the world, with its products used by nearly 35% of all websites ending in .com.

"They are one of the leading certificate authorities, and the fact that PrivDog is issuing fake certificates is shocking," said Marc Rogers, principal researcher at security firm CloudFlare.

In a blogpost written at the beginning of 2014, Mr Abdulhayogulu said that he had developed PrivDog "with the privacy of the user in mind".

"Isn't it great that the company whose DNA is about your security makes more money so that they can continue to innovate and invest in products that make you safer," he wrote at the time.

Parental controls Security experts have identified a growing list of software that appears to interfere with SSL.

Most of the products were developed by security firms, said Mr Rogers.

They include anti-malware software and tools designed to offer parents more control over their children's web browsing.

All can be traced back to Komodia - technology developed by an Israeli firm, which describes itself as a "SSL hijacker".

At the time of writing, Komodia's website was offline. It blamed this on a denial-of-service attack prompted by "recent media attention".

Maybe. Export the cert and post it.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact