Cert-slurping security firms chop super-fishy features

Security companies Lavasoft and AdTrustMedia have been found using the SSL slurping certificate - or something very similar - made infamous by the Lenovo-Superfish debacle. Lavasoft used the certificate in its web inspection software Ad-Aware Web Companion and the Alpha testing version of AdBlocker. The software was …

  1. Robert Helpmann??
    Childcatcher

    A step in the right direction

    The program was designed to replace malvertising with legitimate ads...

    So going from worst to bad, then? A real "win for users" would be the elimination of anything that looked or behaved like the original from their point of view. Just get rid of the advertising entirely and remove the temptation of OEMs to treat their customers like products. Greed will always be open to exploitation.

  2. Amorous Cowherder
    Thumb Up

    As the late, great Bill Hicks said...

    "If anyone here is in marketing or advertising...kill yourself. No joke here, really. Seriously, kill yourself, you have no rationalisation for what you do, you are Satan's little helpers. Kill yourself, kill yourself, kill yourself now. There's no fuckin' joke. Suck a tail pipe, hang yourself...borrow a pistol from an NRA buddy, do something...rid the world of your evil fuckin' presence."

    1. Anonymous Coward
      FAIL

      Re: As the late, great Bill Hicks said...

      Yeah, because the worst thing here was seeing a few ads, wasn't it? So let's not worry about the developers building shitty borked silent HTTPS proxies into their software and compromising your privacy and security, have a good rant at the marketing and advertising people instead.

  3. Dave Harvey
    FAIL

    They're missing the point - just like Lenovo...

    "The potential issue is only present if a user visits a site that actually has a self-signed certificate."

    WRONG - the issue is present if you visit ANY site via a network that could POSSIBLY be hijacked by someone doing a man-in-the-middle attack - as the attacker would be free to "re-sign" the traffic back to you with a self-signed cert, which you would then not notice.

    I'm not sure which is worse - the original error, or the attempt to play it down!

    1. Anonymous Coward
      Anonymous Coward

      Re: They're missing the point - just like Lenovo...

      Ya beat me to it! My head almost exploded when I read "The potential issue".

  4. Anonymous Coward
    Anonymous Coward

    Maybe orgs will finally understand.......

    .....why us security types are SO FUCKING PARANOID! LOL

    1. Anonymous Coward
      Unhappy

      Re: Maybe orgs will finally understand.......

      No, they won't ever understand it. There are people that understand Murphy's Law and all its permutations and there are people that don't. The former understand that both malice aforethought and stupidity, no let's call it ignorance instead, exist; the latter never will. I'm not paranoid as a mental disease. I'm well aware of most, if not all, the various modes of FAIL when it comes to most every field of engineering practiced today. Unfortunately, what we are mostly seeing of late is "It seemed like a good idea at the time." Even by marketing types let alone engineers.

  5. Alan Brown Silver badge

    Lavasoft

    Got 0wned by ad companies several years ago.

    Does anyone still use them?
