Forum » Pomoč in nasveti » Ranljivost
Ranljivost
Glugy ::
Jz sicer nimam Lenovo ampak sem vseen probu: https://filippo.io/Badfish/ če bi mel. In mi napiše "YES, your connections can be tampered with" . Pol sledim navodilom pa nikjer sledu o Superfish-u. Tko da nism mogu nč zbrisat, tud programa ni. ..tko da sploh ne razumem od kje mam ranljivost.
In kaj točno napiše, superfish ali kaka druga ranljivost od te firme? Neki so upgradal, bi moralo točno napisat kaj.
hmm
@gandalfar: upam da ne smetim, just for @Glugy: Predlagam da poskusiš pogledat, če boš zadevo našu s tem programom: http://www.pcdecrapifier.com/..
@gandalfar: če sem šel preveč offtopic pa se lahko zrbriše post, vem samo , da sem si enkrat s to zadevo na prednaloženimi Lenovi zelo pomagal ker je blo res polno bloatwara..
Sem probu (zagnal kot skrbnik) pa mi ne najde nobenih nepravilnosti. Pol pa ne vem od česa bi to blo. Zdej edin če je ta test bil mišljem samo za Windows 8 in da je taka reakcija (zgornji zajem slike) normalna za Windows 7. Sam mi je pa res čudn ker se ni noben oknčk pojavu ki bi me sprašval.
BorutK-73 ::
Jaz sem sprobal na Win 7 in nimam naloženo nič od Komodia-e.
Zgodovina sprememb…
- odbrisal: Gandalfar ()
Glugy ::
Najdel sem rešitev. Bom napisal če koga zanima.
Ok problem je bil v tem da sem imel nameščen PrivDog. Ko sem ga odstranil je ranljivost izginila.
Namig o tem sem dobil medtem ko sem iskal po spletu:
http://arstechnica.com/security/2015/02...
"The second security-marketed software was "PrivDog," which is the creation of Comodo CEO Melih Abdulhayoglu. Valsorda told Ars that the stand-alone version of PrivDog will cause most browsers to trust any self-signed certificate, a breath-taking vulnerability that leaves users wide open to easily executed man-in-the-middle attacks that completely bypass HTTPS protections. Besides its ties to Comodo--a certificate authority that's trusted by all major operating systems--PrivDog is notable for not containing any traces of Komodia technology. The version of PrivDog that's bundled with Comodo Internet Security does not contain the same critical weakness, Valsorda said.
PrivDog bills itself as software that enhances security and privacy by replacing ads in web pages with ads from trusted sources. Presumably, the vulnerable version of PrivDog is using the man-in-the-middle proxy and certificate to replace ads in HTTPS-protected sites. Abdulhayoglu and other Comodo officials didn't respond to e-mail seeking comment for this post. Until we know more, readers with either Lavasoft Ad-aware Web Companion or the stand-alone version of PrivDog should err on the side of caution and uninstall both the app and the underlying root certificate as soon as possible"
Ok problem je bil v tem da sem imel nameščen PrivDog. Ko sem ga odstranil je ranljivost izginila.
Namig o tem sem dobil medtem ko sem iskal po spletu:
http://arstechnica.com/security/2015/02...
"The second security-marketed software was "PrivDog," which is the creation of Comodo CEO Melih Abdulhayoglu. Valsorda told Ars that the stand-alone version of PrivDog will cause most browsers to trust any self-signed certificate, a breath-taking vulnerability that leaves users wide open to easily executed man-in-the-middle attacks that completely bypass HTTPS protections. Besides its ties to Comodo--a certificate authority that's trusted by all major operating systems--PrivDog is notable for not containing any traces of Komodia technology. The version of PrivDog that's bundled with Comodo Internet Security does not contain the same critical weakness, Valsorda said.
PrivDog bills itself as software that enhances security and privacy by replacing ads in web pages with ads from trusted sources. Presumably, the vulnerable version of PrivDog is using the man-in-the-middle proxy and certificate to replace ads in HTTPS-protected sites. Abdulhayoglu and other Comodo officials didn't respond to e-mail seeking comment for this post. Until we know more, readers with either Lavasoft Ad-aware Web Companion or the stand-alone version of PrivDog should err on the side of caution and uninstall both the app and the underlying root certificate as soon as possible"
BorutK-73 ::
Se mi je zdel znan ta PriviDog in ga imam v FF ampak je disable-an. Čudno da mi je pa stran pokazal da je vse ok glede komodia.
PriviDog leti dol.
edit/
PriviDog sem imel tudi inštaliran.
PriviDog leti dol.
edit/
PriviDog sem imel tudi inštaliran.
Zgodovina sprememb…
- spremenil: BorutK-73 ()
SeMiNeSanja ::
Če tole ni že kar malo ironično - namestiš si AdAware, da bi se zaščitil, navlečeš si pa drugo sranje, ki ni bistvono manj nevarno od tistega, pred katerim bi se rad zaščitil.
Shame on Lavasoft!
Shame on Lavasoft!
Vredno ogleda ...
| Tema | Ogledi | Zadnje sporočilo | |
|---|---|---|---|
| Tema | Ogledi | Zadnje sporočilo | |
| » | Nadaljevanje zgodbe Superfish-Lenovo kaže na resnejšo ranljivostOddelek: Novice / Varnost | 19633 (15948) | Glugy |
| » | Računalniki Lenovo z veliko varnostno luknjoOddelek: Novice / Varnost | 19603 (16404) | miroB |
| » | Kritična ranljivost v OpenSSL bi lahko omogočala krajo strežniških zasebnih ključev (strani: 1 2 )Oddelek: Novice / Varnost | 22258 (15907) | Isotropic |
| » | Zlikovci pridobili nadzor nad Comodo CA-jem, izdali ponarejene certifikateOddelek: Novice / Varnost | 8289 (7005) | jype |