Despite new security features being added on an almost daily basis, we are certainly not moving towards a more secure Internet - at least, this is what can be derived from recent findings.
After Lenovo was found to be installing the malicious adware Superfish in consumer machines, another report on Monday came out suggesting that it is not the only one doing it. It reported two names of the security firms that have added similar man-in-the-middle code in their software platforms. While one software is being said to be using vulnerable SSL-interception technology sold by Komodia, similar to what Superfish employed, the other using different technology achieves the same effect of bypassing SSL and HTTPS protection.
All this seems to have created panic in consumers, and researchers are taking concerns seriously. According to a new report by How to Geek on Monday, several freeware and software sites (including CNET's Download.com) are bundling HTTPS-breaking-adware nowadays.
The report notes that the adware like Wajam, Geniusbox, Content Explorer, and many others are following the same trend as seen with Superfish in Lenovo. These companies are installing their own certificates and forcing all your browsing (including HTTPS encrypted browsing sessions) to go through their proxy server. Not just that, the report claims that your machine can just get infected "by installing two [KMPlayer and YTD] of the top 10 apps on CNET Downloads." The two apps reportedly feature two different types of "HTTPS-hijacking adware".
No comments:
Post a Comment