Firefox can remove any threat that Superfish presents with one simple step and 24 hours; indeed, Mozilla could prevent any similar issue involving a questionable or downright poisonous SSL certificate simply by blacklisting it. In this Register article, they specifically cite the ability of OneCRL to block even obfuscated certs before the Network Security Services level, provided the certs are properly recorded on the blacklist. This would lead to a much more secure web, requiring attackers to invest significantly more effort when attempting to create fake or dangerous SSL certs.

There is a flip side to this: some may attempt to have valid certs added to the blacklist, so there must be a way of policing the list and of removing certs which should not be on it, whether they were placed there in error or because of a change in the software associated with the certificate. It is also likely that there will be court cases attempting to have the blacklist removed if it does come into being, as Superfish is not the only company whose business model requires phishing, or at least a way around proper SSL certification and best practices, and that model will no longer be viable if we are allowed to block their mutant SSL certs.
"Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops."
Here is some more Tech News from around the web:
- Hackers now popping Cisco VPN portals @ The Register
- Pandora Pays Artists $0.001 Per Stream, Thinks This Is "Very Fair" @ Slashdot
- iOS 8.3 to be made available as public beta as Apple aims for bug-free releases @ The Inquirer
- Portable USB Wall Charger Roundup @ eTeknix
- Tech ARP 2015 Mega Giveaway