Firefox can remove any threat that Superfish presents with a simple step and 24 hours; indeed, Mozilla could prevent any similar issue involving a questionable or downright poisonous SSL certificate simply by blacklisting it. In this Register article, they specifically cite the ability of OneCRL to block even obfuscated certs before the Network Security Services level, provided the certs are properly recorded on the blacklist. This would lead to a much more secure web, requiring attackers to invest significantly more effort when attempting to create fake or dangerous SSL certs.

There is a flip side to this: some may attempt to have valid certs added to the blacklist, so there must be a way of policing the list and of removing certs that should not be on it, whether they were placed there in error or because of a change in the software associated with that certificate. It is also likely that there will be court cases attempting to have the blacklist removed if it does come into being, as Superfish is not the only business out there whose business model requires phishing or at least a way around proper SSL certification and best practices, which will no longer be viable if we are allowed to block their mutant SSL certs.
"Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops."
Here is some more Tech News from around the web:
- Hackers now popping Cisco VPN portals @ The Register
- Pandora Pays Artists $0.001 Per Stream, Thinks This Is "Very Fair" @ Slashdot
- iOS 8.3 to be made available as public beta as Apple aims for bug-free releases @ The Inquirer
- Portable USB Wall Charger Roundup @ eTeknix
- Tech ARP 2015 Mega Giveaway
“not the only business out there whose business model requires phishing or at least a way around proper SSL certification and best practices”
ANY business who is into these methods needs to be out of business ASAP. This is a violation of privacy, and it’s totally insane to let it continue. The entire Ad based industry needs to be restricted from this snooping by breaking the secure SSL chain, sueball the offenders out of business. This is breaking and entering into people’s personal PC/Laptops/other devices, and destroying the chain of security! Why the justice department is not looking into the criminal side, as of yet, is beyond me, but if I buy a laptop/other device from an OEM, it’s my device/my hardware, I should be protected from snooping by law, and no EULA should be/make my privacy exempt from the privacy laws.
Best practice if you know what you are doing, get a clean Windows CD and reinstall Windows clean; that will get rid of all the pre-installed crap and any snooping crap like this.
That won’t protect MOM and POP, best to get them MINT and end the practice of pre-installed OSs, let the customer get the OS of their choice at purchase, along with OEM essential drivers DVD/CD, and no adware/bloatware. Make the OEMs list the bloatware/crapware and require that it be un-installable. Getting tired of all these applications squatting on new systems, unable to be completely removed. Who knows what kind of baked into the OS spyware M$ has in store, but all this metrics snooping madness has to stop!
3 words
No script plugin
Sorry, won't help at all with this.