- The world’s largest provider of security while surfing the Comodo Group, operates its own malicious software.
- The software Privdog is for each connection that is encrypted using the default HTTPS, the Security certificate replaced. This allows the content to be spied on.
With Privdog users can be spied problems
One of the central authorities for safe surfing in the net operating software, spying easily with the user can. The software is called Privdog and is apparently able to interpose in supposedly secure connections and analyze the Internet traffic. Target will program it is actually the users of advertising “trusted sources” view. The journalist and IT expert Hanno Böck has described in a blog post, as Privdog going on exactly. Together with other IT researchers Bock has become aware of the software.
Comodo guarantees with its name for security
Privdog belongs to the Comodo Group, the world’s largest certification body for the encryption of Internet connections , When users such as the side of their bank, the connection is encrypted so no one can read the passwords. The bench can be digitally sign encryption certificate from Comodo. Only then passed to Internet browser that communication is secure. So Comodo guarantees with company name and knowledge to ensure that the desired bank actually issued this certificate -. And not about hacking
is suggested users to safely surf the net
Is Privdog installed, however, the following happens: The software accepts any HTTPS connection and replace it with your own certificate. It does not matter whether it is the site of a bank (www.ihrebank.de) or, for example, a page that pretends to be this bank (www.ihre-bank.de). Especially phishing sites operate on a web page that only minimally differs from the original in order to get passwords so. Privdog replaced according to the researchers, both compounds – and lets users simultaneously in the faith, secure in the network to be on the road
Jürgen Geuter is a computer scientist at the University of Oldenburg.. According to him, one needs certification bodies such as Comodo to create trust in the network: “But Comodo has sustained destroyed by their activities any trust,” says Geuter
The case is reminiscent of the Super Fish vulnerability of Lenovo
The Comodo case is reminiscent of the pre-installed security issue on Lenovo computers, which had become known in the past week. A software called “Superfish” opened hackers attack various ways. Security experts spoke of a “nightmare”. Privdog is worse than Superfish, writes Hanno Böck.
What users can do
In contrast to the incident at Lenovo’s software Comodo is not installed. That is, users should make sure that they use this software first. If this is the case, it should be uninstalled.
No comments:
Post a Comment