Hits Keep On Coming For Both SSL & Its Abusers

  /     /     /  
Publicated : 22/11/2024   Category : security

Hits Keep On Coming For Both SSL & Its Abusers


Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?


Hacktivists this week have retaliated against Komodia and Lenovo for their roles in distributing Komodias Superfish adware that
compromises all SSL communications
on Lenovos Windows laptops. Monday, Komodias website was DDoSed. Wednesday, Lenovos website was taken over by hacking group Lizard Squad, as the result of a DNS hijacking attack on the Malaysian registrar that hosts Lenovo.com.
According to
KrebsOnSecurity
, the attackers exploited the registrar, Web Commerce Communication (
Webnic
), via a command injection vulnerability, and uploaded a rootkit. They were then able to change the IP address associated with Lenovo.com, sending visitors instead to a page that featured a slideshow that linked to the Lizard Squad Twitter account.
By hijacking the domain name, they were also able to intercept email and spoof email accounts. Lizard Squad showed off an email they lifted that referenced continuing problems with Superfish: 
Its possible that SSL certificate authority Comodo could be the next target. This week it was reported that Comodo had been shipping PrivDog, an application developed by the companys founder that commits many of the same offenses as Superfish -- and under the guise of a tool that supposed to make Web browsing more private.
Like Superfish, PrivDog acts as a man-in-the-middle to hijack SSL communications, installs a trusted root certificate, and fails to certify legitimate SSL certificates from other sources. Some security experts have said it is even worse than Superfish.
 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Hits Keep On Coming For Both SSL & Its Abusers