A company that issues SSL certificates was found to have sold "PrivDog", malicious adware that forges certificates



Comodo, which develops PC security tools such as "COMODO Internet Security" and also issues SSL certificates, has been selling software called "PrivDog". German journalist Hanno Böck revealed on his blog that PrivDog is adware more malicious than "Superfish", the adware preinstalled on Lenovo PCs, and that it risks completely destroying the security of HTTPS.

Comodo ships Adware Privdog worse than Superfish - Hanno's blog
https://blog.hboeck.de/archives/865-Comodo-ships-Adware-Privdog-worse-than-Superfish.html


It became big news that "VisualDiscovery" (commonly known as Superfish), software preinstalled on Lenovo notebook PCs, could be a very dangerous security hole. This is because it made it possible to mount a "man-in-the-middle attack" that intercepts the encrypted traffic of HTTPS, that is, HTTP carried over a secure connection provided by the SSL protocol.

Meanwhile, the same security hole as in Superfish has been found in other products, such as Komodia's software, showing that the technique of intercepting HTTPS-encrypted communication is in use across multiple pieces of software.


Böck, who had been keeping a close watch on adware such as Superfish, came across "PrivDog" on Hacker News, where it was being talked about as "the next Superfish". PrivDog also started out as adware: it replaces the advertisements on web pages with advertisements from "trusted sources". PrivDog does not have the same flaw as Superfish, but it appears to contain an even more dangerous security hole.

HTTPS encrypts HTTP communication with SSL to prevent the contents from being intercepted, and it also prevents the contents from being tampered with. When communicating securely over SSL, the browser receives a certificate from the web server and checks whether the site has been approved by a certification authority (CA). It then checks whether that CA is included in its list of root certificates and judges whether the site can be trusted.

However, PrivDog intercepts every certificate and replaces it with one signed with its own root key. This means the validity of the original certificate no longer matters; moreover, the browser approves every connection, so the CA's role in SSL communication becomes completely meaningless. Superfish uses the same certificate and private key on every host, whereas PrivDog generates a new private key on each installation.
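One way to spot this kind of re-signing on an endpoint, shown as an added example that is not from the original article: compare the issuer of each site's certificate as seen on the machine with the issuer seen from a clean vantage point, since a key generated per installation cannot be matched against a fixed fingerprint list. The certificate dictionaries follow the format of Python's `ssl.SSLSocket.getpeercert()`; all host names, issuer names and the `min_hosts` threshold are constructed assumptions.

```python
from collections import defaultdict


def issuer_name(cert):
    """Flatten the 'issuer' field of a getpeercert()-style dict to one string."""
    return ", ".join(f"{k}={v}" for rdn in cert["issuer"] for k, v in rdn)


def find_resigning_issuers(local, reference, min_hosts=3):
    """Return issuers that replaced the reference issuer on >= min_hosts hosts.

    local / reference: {hostname: getpeercert()-style dict}, collected on the
    endpoint under test and from a clean vantage point respectively.
    A single differing host is ignored: sites legitimately change CAs.
    """
    replaced = defaultdict(set)
    for host, cert in local.items():
        ref = reference.get(host)
        if ref is not None and issuer_name(cert) != issuer_name(ref):
            replaced[issuer_name(cert)].add(host)
    return {iss: sorted(hosts) for iss, hosts in replaced.items()
            if len(hosts) >= min_hosts}


def _cert(host, issuer_cn, org):
    """Build a constructed certificate dict in getpeercert() layout."""
    return {"subject": ((("commonName", host),),),
            "issuer": ((("organizationName", org),),
                       (("commonName", issuer_cn),))}


# Constructed sample data (not real sites or real CA names).
HOSTS = ["bank.example", "mail.example", "shop.example", "news.example"]
REFERENCE = {h: _cert(h, f"Public CA {i}", "Constructed CA Org")
             for i, h in enumerate(HOSTS)}
# Endpoint where one locally generated root signs every site's certificate.
INTERCEPTED = {h: _cert(h, "Per-install Root", "Constructed Adware")
               for h in HOSTS}
# Clean endpoint where one site has simply moved to another public CA.
CLEAN = dict(REFERENCE)
CLEAN["news.example"] = _cert("news.example", "Public CA 9",
                              "Constructed CA Org")

if __name__ == "__main__":
    print(find_resigning_issuers(INTERCEPTED, REFERENCE))
    print(find_resigning_issuers(CLEAN, REFERENCE))
```
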


Furthermore, the company selling PrivDog is Comodo, the developer of products such as "Comodo Dragon browser" and "COMODO Internet Security". Since Comodo also operates a certificate issuance service as an SSL certification authority, this amounts to a situation in which "software sold by the company itself may replace certificates with fake ones".

Comodo PrivDog installation and download Help Guideline
https://help.comodo.com/topic-72-1-451-6840-.html


· Additional note, February 24, 2015, 11:37:00
The version that intercepts SSL certificates is "PrivDog 3.0.96.0", and Comodo does not sell this version.

In addition, the PrivDog development team is updating PrivDog in response to the problem, and it is possible to update to "PrivDog 3.0.105.0" from the official page. According to the official announcement, up to 55,758 users are expected to be exposed to the threat of SSL certificate interception.

PrivDog Security Advisory (Threat level: LOW)
http://privdog.com/advisory.html

in Software, Posted by logu_ii