Superfish-style vulnerabilities in common security software could leave you open to cyberattacks
After last week’s revelation that Lenovo placed Superfish’s adware and potentially harmful code on its computers, two other firms have been found adding similar man-in-the-middle code to their software, reports Ars Technica. Security researcher Filippo Valsorda found that anti-virus and online privacy apps from Lavasoft and Comodo caused machines to trust any self-signed certificate from HTTPS sites. The method can expose users to so-called man-in-the-middle attacks, potentially giving hackers access to critical information. The affected apps are Lavasoft’s privacy software Ad-aware Web Companion, which is intended to protect you from malware and prevent hijacking, and Comodo’s PrivDog, which promises to only…
This story continues at The Next Web