NAS Technology Consulting

Superfish, Man-in-the-middle, and SSL

February 23rd, 2015

A new type of malware has been discovered that breaks SSL encryption, mainly to insert ads in your browsing. This “Superfish” style vulnerability means that even when you connect to your email, bank, 401(k), or even health insurance site, the connection is being re-routed on the fly to the bad guys' servers, but your browser will still show that green lock saying the connection is secure.

Possibly the easiest-to-understand write-up I have seen so far is from HowToGeek.com:

“Once you are hijacked, they can read every single thing that you submit to a private site — passwords, private information, health information, emails, social security numbers, banking information, etc. And you’ll never know because your browser will tell you that your connection is secure.”

An easy way to find out whether you have been infected is to visit the Superfish / Komodia / Certification validation test site:

https://filippo.io/Badfish/
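A complementary check, added here as an example (it is not code from the test site or from HowToGeek): look at who issued the certificates your machine is actually shown and flag issuers named after the interception software mentioned above. The watchlist contents, the helper names and the sample certificates are assumptions constructed for illustration; the sample data has the same shape as the dictionary returned by Python's `ssl` `getpeercert()`.

```python
import socket
import ssl

# Assumed watchlist: issuer names tied to the software named in this post.
WATCHLIST = ("superfish", "komodia")

def issuer_fields(cert):
    """Flatten the 'issuer' entry of a getpeercert() dict into {field: value}."""
    fields = {}
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            fields[key] = value
    return fields

def check_cert(host, cert):
    """Return (host, issuer name, flagged) for one certificate dict."""
    fields = issuer_fields(cert)
    issuer = fields.get("organizationName") or fields.get("commonName") or "<unknown>"
    haystack = " ".join(fields.values()).lower()
    flagged = any(name in haystack for name in WATCHLIST)
    return host, issuer, flagged

def fetch_cert(host, port=443, timeout=5):
    """Live use: the certificate this machine is presented for host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def scan(certs):
    """Check a {host: cert dict} mapping; results are sorted by host."""
    return [check_cert(host, cert) for host, cert in sorted(certs.items())]

# Constructed sample data (not captured from real sites).
SAMPLES = {
    "bank.example": {"issuer": ((("countryName", "US"),),
                                (("organizationName", "Example Trust CA"),),
                                (("commonName", "Example Trust CA G2"),))},
    "mail.example": {"issuer": ((("organizationName", "Superfish, Inc."),),
                                (("commonName", "Superfish, Inc."),))},
}

if __name__ == "__main__":
    for host, issuer, flagged in scan(SAMPLES):
        status = "INTERCEPTED?" if flagged else "ok"
        print(f"{host:15} issued by {issuer!r}: {status}")
```

To run it against real sites, build the mapping with `fetch_cert(host)` for each site you care about. A flagged issuer on a bank or email site means something on the machine is re-signing your traffic.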

If the vulnerability test says you have a problem, please contact me for consulting.  If the test comes back “Good”, then you are safe for now.  Even if you are safe for now, please consider the following:
