Hits Keep On Coming For Both SSL & Its Abusers

  /     /     /  
Publicated : 22/11/2024   Category : security


Hits Keep On Coming For Both SSL & Its Abusers


Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?



Hacktivists this week have retaliated against Komodia and Lenovo for their roles in distributing Komodias Superfish adware that
compromises all SSL communications
on Lenovos Windows laptops. Monday, Komodias website was DDoSed. Wednesday, Lenovos website was taken over by hacking group Lizard Squad, as the result of a DNS hijacking attack on the Malaysian registrar that hosts Lenovo.com.
According to
KrebsOnSecurity
, the attackers exploited the registrar, Web Commerce Communication (
Webnic
), via a command injection vulnerability, and uploaded a rootkit. They were then able to change the IP address associated with Lenovo.com, sending visitors instead to a page that featured a slideshow that linked to the Lizard Squad Twitter account.
By hijacking the domain name, they were also able to intercept email and spoof email accounts. Lizard Squad showed off an email they lifted that referenced continuing problems with Superfish: 
Its possible that SSL certificate authority Comodo could be the next target. This week it was reported that Comodo had been shipping PrivDog, an application developed by the companys founder that commits many of the same offenses as Superfish -- and under the guise of a tool that supposed to make Web browsing more private.
Like Superfish, PrivDog acts as a man-in-the-middle to hijack SSL communications, installs a trusted root certificate, and fails to certify legitimate SSL certificates from other sources. Some security experts have said it is even worse than Superfish.
 

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Hits Keep On Coming For Both SSL & Its Abusers