Wednesday, November 9. 2016
Saturday, February 21. 2015
Meanwhile you should have heard about the Lenovo hardware that had Superfish installed, an adware injecting software that uses an SSL hijacker SDK made by Komodia. If not then duck it.
I'd classify that as a Maximum Credible Accident (MCA) which was only possible due to greed, stupidity and idiocy.
- Greed – Lenovo was greedy enough to deploy Superfish on its hardware, probably just for a few bugs revenue more per machine.
- Stupidity – Superfish was stupid enough to use the Komodia SSL hijacker, just to be able to inject ads into https connections. Hopefully without knowing what they were doing, else it would had been double stupid stupidity. However, and of course they are greedy as well, because all ad sellers are.
- Idiocy – Komodia was idiots enough to implement an SSL hijacker SDK and embed a root CA certificate in the software using it and super idiocy chose "komodia" as all private keys' password, making the certificate available to anyone and grandpa.
Now, as if that wasn't enough, according to Forbes the
loser behind Komodia
was once a programmer in Israel’s IDF’s Intelligence Core. Really? I'm not impressed.
Or wait, here's room for conspiracy theories! Let Superfish be a venture capital startup, financed by Israelis, which maybe is not that far fetched. What if the whole concept just serves the idea to spread an SSL hijacker to be able to intercept HTTPS connections and inject man-in-the-middle attacks? Sounds like a good plan? Yeah, well done, goal achieved, it couldn't be better ;-)
Superfish may have appeared on these models:Hopefully this incident will teach Lenovo a lesson to not fiddle around with the customer too much..
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
E Series: E10-30
Sunday, January 18. 2015
mobile application software that identifies a user's behavior and location in order to suggest events and locations of interest and keeps track of events and locations a user has attended or visited; mobile application software that allows a user to notify other users when arriving at an event or location, share photos with other users, and exchange messages with other usersI won't name it nor link to it.
Sunday, December 21. 2014
Thursday, July 3. 2014
Ich bin Extremist!
XKeyscore-Quellcode: Tor-Nutzer werden von der NSA als Extremisten markiert und überwacht
Dabei sollte ich das besser gar nicht benutzen, denn alleine dadurch mache ich mich schon zum Freiwild. Eigen-Tor: Gefahren der Tor-Nutzung im Alltag
William Binney heute in der Anhörung im NSA-Untersuchungsausschuss: Die Vollüberwachung der Gesellschaft ist die größte Bedrohung der Demokratie seit dem amerikanischen Bürgerkrieg.
Ups, da hab ich doch glatt auf netzpolitik.org verlinkt, jetzt bin ich Doppel-Extremist.
Eigentlich ja Dreifach-Extremist, denn Mails verschlüssel ich schon seit Jahren (falls denn jemand mitmacht) mit GnuPG.
Damit ein für alle Mal klar ist was ich von euch NSA-Arschgeigen & Co halte: Und Du, NSA, brauchst da nichts weiter zu speichern und analysieren.