Why are moderators constantly changing the name of this “hijack-mitm-security flaw” thread, making it hard to find for someone new?
If you're ashamed to be caught with “your fingers in the jar”, you shouldn't have done it in the first place!!
This just shows me (us) that you have bad intentions in mind toward your users and that privacy is a joke to you…
Just like these https://gigaom.com/2015/02/23/beyond-superfish-turns-out-ssl-trashing-spyware-is-widespread/
On Monday, PrivDog issued a statement reiterating what Ars already reported, that the vulnerability resides in the stand-alone version only. Fewer than 58,000 users are affected. Remarkably, PrivDog rated the threat as “low.” That seems to be a massive understatement, given the harm that can be done, no matter how many users are affected. Readers with either Lavasoft Ad-aware Web Companion or the stand-alone version of PrivDog should err on the side of caution and uninstall both the app and the underlying root certificate as soon as possible.
Valsorda told Ars that the stand-alone version of PrivDog will cause most browsers to trust any self-signed certificate, a breath-taking vulnerability that leaves users wide open to easily executed man-in-the-middle attacks that completely bypass HTTPS protections.
I agree with you, @SiberLynx.
CIS uses ADS; I do not know whether this is a feature or a bug.
As for PrivDog and the issue, they released a quick fix immediately after these media posts, and then they said it is a bug.
I fully lost my trust in Comodo! Even techie guys spread these words: “Do not take a certificate from Comodo”… I am really sorry about the situation of Comodo.
So software companies should not have vulnerabilities then?
This is an intermittent bug in a 3rd party library, which we fixed within ours and updated.
What would you do differently? How would you have identified this random bug when you bought this library?
I am open to learning and improving.
Guys, I am sure you have been sarcastic, but some would not understand it like that. P.S. In digital life there are always vulnerabilities and bugs, and there are always fixes and updates.
No one is saying exactly how an attack could have happened and what the effect would be. Cos they will realise that in the end both scenarios will have “encryption”…
Why don't you ask the people who broke the story what the threat is and how it can be mounted? Let them explain to you step by step how to do it… you will then see the truth…