The EFF’s Decentralized SSL Observatory turned up 1,600 certificates that should have been rejected but instead passed browser checks because they were manipulated by Komodia’s SSL Digester interception module.
Tag Archives: man-in-the-middle attack
PrivDog Adware Poses Bigger Risk Than Superfish
Another shady piece of adware called PrivDog has been unearthed with a similar Superfish-type vulnerability that breaks SSL connections.
Komodia Website Under DDoS Attack
Komodia.com, home of the SSL module at the heart of the Superfish scandal, is offline because of a DDoS attack.
SSL MiTM Vulnerability Among Vulns Patched in Pidgin
Five vulnerabilities were patched in the most recent update to the open source Pidgin instant messaging client.
CERT/CC Enumerates Android App SSL Validation Failures
The CERT Coordination Center at Carnegie Mellon today released a list of Android applications hosted on Google Play and Amazon that it says fail to validate SSL certificates over HTTPS.