
This article was published on February 23, 2015

    Superfish-style vulnerabilities in common security software could leave you open to cyberattacks

    Story by Abhimanyu Ghoshal, Managing Editor

    Abhimanyu is TNW's Managing Editor, and is all about personal devices, Asia's tech ecosystem, as well as the intersection of technology and culture. Hit him up on Twitter, or write in: [email protected].

    Update: PrivDog has issued a security advisory to address the issue its software is causing. It says, “The issue potentially affects a very limited number of websites. In some circumstances self-signed certificates do not trigger a browser warning but encryption is still provided to the end user, hence security via encryption remains intact.

    “The potential issue is only present if a user visits a site that actually has a self-signed certificate. The potential issue has already been corrected.”

    The latest version of PrivDog contains a fix for this issue, and is available on the company’s site.

    After last week’s revelation that Lenovo placed Superfish’s adware and potentially harmful code on its computers, two other firms have been found adding similar man-in-the-middle code to their software, reports Ars Technica.

    Security researcher Filippo Valsorda found that anti-virus and online privacy apps from Lavasoft and Comodo caused machines to trust any self-signed certificate presented by an HTTPS site. Both products take the same approach as Superfish: they install their own root certificate on the machine and intercept HTTPS connections so they can inspect or alter page content, handing the browser a replacement certificate signed by that local root. Because the software does not properly validate the certificate the real server presents before re-signing it, anyone in the network path can substitute a self-signed certificate and the browser will still show the connection as secure. That exposes users to so-called man-in-the-middle attacks, in which an attacker on the same network can read or alter traffic such as logins or banking sessions. A quick way to tell whether a machine is affected is to open a site with a deliberately invalid certificate in the browser: if no warning appears, something on the machine is accepting certificates it should reject.

    The affected apps are Lavasoft’s privacy software Ad-aware Web Companion, which is intended to protect you from malware and prevent hijacking, and Comodo’s PrivDog, which promises to only display ads from trusted sources.
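    The re-signing behaviour described above, as an added example that is not code from the original article or from either vendor's product: a Go model of an HTTPS-intercepting proxy with its own locally installed root, first as reported (it re-signs whatever certificate the upstream server presented, without checking it) and then with the missing validation added. The host name `bank.example`, the CA names and all function names are assumptions for illustration, and every certificate is generated in-process so the program runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const bankHost = "bank.example" // hypothetical site the user visits over HTTPS

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // any failure here is a bug in the demo, not a runtime condition
	}
	return v
}

func newKey() *ecdsa.PrivateKey {
	return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
}

// sign issues tmpl for key's public key, signed by (parent, signer); a nil parent makes it self-signed.
func sign(tmpl, parent *x509.Certificate, key, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der))
}

// newCA builds a self-signed root certificate named name.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	return sign(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, nil, key, key), key
}

// leafFor issues a server certificate for host: signed by ca when one is given,
// otherwise self-signed, which is all an attacker in the network path can mint.
func leafFor(host string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	key := newKey()
	if ca == nil {
		return sign(tmpl, nil, key, key)
	}
	return sign(tmpl, ca, key, caKey)
}

// chainsTo is the check a browser runs on every HTTPS certificate: it must
// chain to a root in the given pool and name the host being visited.
func chainsTo(cert *x509.Certificate, host string, roots *x509.CertPool) error {
	_, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err
}

// intercept is the proxy's per-connection logic: given the certificate the real server
// presented, mint the one the browser will see, signed by the local root.
// validate=false reproduces the reported behaviour; validate=true is the fix.
func intercept(upstream *x509.Certificate, host string, validate bool,
	roots *x509.CertPool, proxyCA *x509.Certificate, proxyKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if validate {
		if err := chainsTo(upstream, host, roots); err != nil {
			return nil, fmt.Errorf("refusing to intercept %s: %w", host, err)
		}
	}
	return leafFor(host, proxyCA, proxyKey), nil
}

func main() {
	publicCA, publicKey := newCA("Public Root CA") // stands in for the browser's bundled roots
	proxyCA, proxyKey := newCA("Local Interception Root")
	public := x509.NewCertPool()
	public.AddCert(publicCA)
	store := x509.NewCertPool() // the machine's trust store after the software is installed
	store.AddCert(publicCA)
	store.AddCert(proxyCA)
	forged := leafFor(bankHost, nil, nil) // swapped in by an attacker on the network
	fmt.Println("browser alone rejects forged:", chainsTo(forged, bankHost, store) != nil)
	seen, _ := intercept(forged, bankHost, false, public, proxyCA, proxyKey)
	fmt.Println("via broken proxy, browser accepts forged:", chainsTo(seen, bankHost, store) == nil)
	_, err := intercept(forged, bankHost, true, public, proxyCA, proxyKey)
	fmt.Println("fixed proxy:", err)
	seen, err = intercept(leafFor(bankHost, publicCA, publicKey), bankHost, true, public, proxyCA, proxyKey)
	fmt.Println("fixed proxy passes genuine:", err == nil && chainsTo(seen, bankHost, store) == nil)
}
```

    Run it with go run. The two lines for the forged certificate show the whole problem: the browser on its own would refuse it, but the proxy with validation switched off launders it into a certificate chained to the local root, which the browser then accepts without a warning. The fixed variant runs the same chainsTo check the browser would have run before the software was installed, which is the check an intercepting proxy can never skip.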

    We’ve contacted both companies for comment and will update this post when we hear back.

    Security software found using Superfish-style code, as attacks get simpler [Ars Technica]
