This article was published on February 23, 2015

Superfish-style vulnerabilities in common security software could leave you open to cyberattacks


Superfish-style vulnerabilities in common security software could leave you open to cyberattacks

Update: PrivDog has issued a security advisory to address the issue its software is causing. It says, “The issue potentially affects a very limited number of websites. In some circumstances self-signed certificates do not trigger a browser warning but encryption is still provided to the end user, hence security via encryption remains intact.

“The potential issue is only present if a user visits a site that actually has a self-signed certificate. The potential issue has already been corrected.”

The latest version of PrivDog contains a fix for this issue, and is available on the company’s site.

After last week’s revelation that Lenovo placed Superfish’s adware and potentially harmful code on its computers, two other firms have been found adding similar man-in-the-middle code to their software, reports Ars Technica.

Security researcher Filippo Valsorda found that anti-virus and online privacy apps from Lavasoft and Comodo caused machines to trust any self-signed certificate from HTTPS sites. The method can expose users to so-called man-in-the-middle attacks, potentially giving hackers access to critical information.

The affected apps are Lavasoft’s privacy software Ad-aware Web Companion, which is intended to protect you from malware and prevent hijacking, and Comodo’s PrivDog, which promises to only display ads from trusted sources.

We’ve contacted both companies for comment and will update this post when we hear back.

Security software found using Superfish-style code, as attacks get simpler [Ars Technica]

Image credit: Shutterstock

Read next: Superfish admits installing root certificate authority to show ads on secure sites

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Published
Back to top