HackDig : Dig high-quality web security articles for hacker

Hits Keep On Coming For Both SSL & Its Abusers

2015-02-27 04:25
Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?

Hacktivists this week have retaliated against Komodia and Lenovo for their roles in distributing Komodia's Superfish adware that compromises all SSL communications on Lenovo's Windows laptops. Monday, Komodia's website was DDoSed. Wednesday, Lenovo's website was taken over by hacking group Lizard Squad, as the result of a DNS hijacking attack on the Malaysian registrar that hosts Lenovo.com.

According to KrebsOnSecurity, the attackers exploited the registrar, Web Commerce Communication (Webnic), via a command injection vulnerability, and uploaded a rootkit. They were then able to change the IP address associated with Lenovo.com, sending visitors instead to a page that featured a slideshow that linked to the Lizard Squad Twitter account.

By hijacking the domain name, they were also able to intercept email and spoof email accounts. Lizard Squad showed off an email they lifted that referenced continuing problems with Superfish: 

It's possible that SSL certificate authority Comodo could be the next target. This week it was reported that Comodo had been shipping PrivDog, an application developed by the company's founder that commits many of the same offenses as Superfish -- and under the guise of a tool that supposed to make Web browsing more private.

Like Superfish, PrivDog acts as a man-in-the-middle to hijack SSL communications, installs a trusted root certificate, and fails to certify legitimate SSL certificates from other sources. Some security experts have said it is even worse than Superfish.

 


Source: D_SSR=cm_?4429131/di-d/d/sresuba-sti-dna-lss-htob-rof-gnimoc-no-peek-stih/moc.gnidaerkrad.www

Read:2312 | Comments:0 | Tags:No Tag

“Hits Keep On Coming For Both SSL & Its Abusers”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud