25th February 2015, 13:59 #1
Is PrivDog another Superfish ?
"While reading about Superfish, I ran this simple test at https://filippo.io/Badfish/ by visiting the webpage,
and noticed that despite the fact I don't have Superfish installed, I failed the test,
and got “Yes, Your connections can be tampered with”.
After quick check on my system,
I realized I might have failed the test due to the presence of PrivDog on my system.
Here is a screenshot of Bank of America: http://i.imgur.com/pbEFW5X.png
Is this another Superfish ?
"Worse than Superfish ?
Comodo-affiliated PrivDog compromises web security too
New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks.
The latest software to open a man-in-the-middle hole on users’ PCs is a new version of PrivDog,
an advertising product with ties to security vendor Comodo.
Over the weekend, a user reported on Hacker News that his system failed an online test,
designed to detect a man-in-the-middle vulnerability introduced by Superfish,
a program preloaded on some Lenovo consumer laptops.
However, his system did not have Superfish installed.
Instead, the problem was tracked down to another advertising-related application called PrivDog,
which was built with the involvement of Comodo’s CEO, Melih Abdulhayoglu.
New PrivDog releases are announced on the Comodo community forum by people tagged as Comodo staff.
PrivDog is marketed as a solution to protect users against malicious advertising without completely blocking ads.
The program is designed to replace potentially bad ads with safer ones,
that are reviewed by a compliance team from a company called Adtrustmedia.
As Abdulhayoglu puts it in a January 2014 post on his personal blog in which he describes the technology:
“Consumers win, Publishers win, Advertisers win.”
However, according to people who recently looked at PrivDog’s HTTPS interception functionality,
consumers might actually lose when it comes to their system’s security if they use the product.
Full story: Worse than Superfish? Comodo-affiliated PrivDog compromises web security too | PCWorld
"SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog
Superfish sequel: I'm looking at the man in the middle
The US Department of Homeland Security's cyber-cops have slapped down PrivDog,
an SSL tampering tool backed by, er, SSL certificate flogger Comodo.
Comodo, a global SSL authority, boasts a third of the HTTPS cert market,
and is already in hot water for shipping PrivDog.
What is PrivDog ?
Let's allow the US Computer Emergency Readiness Team (US-CERT) to describe it in this security advisory:
Adtrustmedia PrivDog is a Windows application that advertises "... safer, faster and more private web browsing."
Privdog installs a Man-in-the-Middle (MITM) proxy as well as a new trusted root CA certificate.
The MITM capabilities are provided by NetFilterSDK.com.
Although the root CA certificate is generated at install time,
resulting in a different certificate for each installation,
Privdog does not use the SSL certificate validation capabilities that the NetFilter SDK provides.
This means that web browsers will not display any warnings when a spoofed or MITM-proxied HTTPS website is visited.
We have confirmed that PrivDog version 126.96.36.199 is affected.
Adtrustmedia PrivDog is promoted by the Comodo Group, which is an organization that offers SSL certificates and authentication solutions.
Essentially, Comodo's firewall and antivirus package, Internet Security 2014, installs a tool called PrivDog by default. Some versions of this tool intercept encrypted HTTPS traffic to force ads into webpages.
"PrivDog is bundled with some products from Comodo, like Comodo Internet Security,
as well as its Chromodo, Dragon and IceDragon browsers.
However, it seems that these products include PrivDog version 2, which lacks the HTTPS proxy functionality,
and thus does not expose users to man-in-the-middle attacks.
The PrivDog version that exposes users to man-in-the-middle attacks is version 3,
which is available to download as a stand-alone application,
and which supports a large number of browsers including Google Chrome, Firefox and Internet Explorer,
according to security researcher Filippo Valsorda,
whose online HTTPS test was updated to account for it.
This "potential issue" only exists in PrivDog versions 188.8.131.52 and 184.108.40.206,
that have never been distributed by Comodo and are not present in the company's browsers,
a Comodo representative said Monday via email.
Full story: SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog | The Register
Last edited by hackerman1; 25th February 2015 at 14:05.
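The failure described in the US-CERT advisory quoted above can be reduced to a small model. This is an added example, not part of the original post and not PrivDog or NetFilter SDK code. It uses no real cryptography, and every name in it (hosts, CA names, classes, functions) is constructed for illustration.

```python
"""Toy model (added example) of the trust failure in the US-CERT advisory.

No real cryptography: a certificate is just (subject, issuer) and a trust
store is a set of issuer names. All names below are constructed.
"""
from dataclasses import dataclass

PUBLIC_ROOTS = {"Public Root CA"}        # constructed public trust store
LOCAL_ROOT = "Local Interception Root"   # per-install root added by the proxy

@dataclass(frozen=True)
class Cert:
    subject: str   # hostname the certificate claims
    issuer: str    # name of the CA that signed it

def validates(cert: Cert, host: str, trusted: set) -> bool:
    """Chain-to-trusted-root plus hostname check, reduced to name comparison."""
    return cert.issuer in trusted and cert.subject == host

class InterceptingProxy:
    def __init__(self, validate_upstream: bool):
        self.validate_upstream = validate_upstream

    def present_to_browser(self, host: str, upstream: Cert) -> Cert:
        """Return the certificate the browser sees for `host`."""
        if self.validate_upstream and not validates(upstream, host, PUBLIC_ROOTS):
            # A validating proxy must not vouch for a bad upstream certificate.
            # Here it hands it through so the browser's own check fails.
            return upstream
        # Re-sign with the local root; this hides the upstream's real issuer.
        return Cert(subject=host, issuer=LOCAL_ROOT)

def browser_warns(host: str, upstream: Cert, proxy: InterceptingProxy) -> bool:
    """True if the browser shows a certificate warning for this connection."""
    browser_store = PUBLIC_ROOTS | {LOCAL_ROOT}   # installer added the local root
    seen = proxy.present_to_browser(host, upstream)
    return not validates(seen, host, browser_store)

HOST = "bank.example"
GENUINE = Cert(HOST, "Public Root CA")
SPOOFED = Cert(HOST, "Untrusted Self-Signed")     # constructed forged certificate

if __name__ == "__main__":
    for name, proxy in [("no upstream validation", InterceptingProxy(False)),
                        ("upstream validation", InterceptingProxy(True))]:
        for label, cert in [("genuine", GENUINE), ("spoofed", SPOOFED)]:
            print(f"{name:24} {label:8} warning={browser_warns(HOST, cert, proxy)}")
```

The only row where a spoofed certificate produces no warning is the proxy without upstream validation, which is the condition the advisory describes.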