more from Forbes
first from that earlier link
"As security expert Matt Suiche pointed out to me on Twitter, the password used to get the encryption key for the Superfish certificate authority (you can find more details on that in my previous article here) is “Komodia”. There’s a company called Komodia, which also does ad injection and “global proxy interception” – some very aggressive techniques. According to the company’s website (which is currently down because of an attack on the site), the founder, Barak Weichselbaum, was also part of the surveillance industrial complex in Israel, having carried out “military service as a programmer in the IDF’s Intelligence Core”. Komodia offers one service called SSL Digestor that carries out ad injects and effectively breaks encryption, just as Superfish was doing on Lenovo PCs.Suiche and Robert Graham of Errata Security are convinced that product was used by Superfish in the Lenovo case.
So ex-surveillance agents, operating in both the private and public spheres, have ostensibly combined their powers to force ads onto people’s computers, leaving web users open to other forms of attack. That’s startling and frightening for anyone who cares about privacy or security."
and from http://www.forbes.com/sites/thomasbrewster/2015/02/20/komodia-lenovo-superfish-ddos/
"It’s becoming apparent that the Lenovo Superfish omnishambles affects far more people than initially thought. Whilst it’s likely millions of PCs have Superfish running on their systems, intercepting their traffic, throwing adware on their computers and leaving users in danger of being hacked, many more will be running the technology believed to underpin the Superfish ad injection service.
The company behind that highly intrusive technology, known as SSL Digestor, is called Komodia. But anyone who wants to learn more about what it does won’t find out anything by visiting komodia.com today (which, ironically, doesn’t run over encrypted HTTPS connections). That’s because those visiting the site will find a brief, startling claim: it’s been hit with a Distributed Denial of Service (DDoS) attack due to “recent media attention”.
What’s confusing here is that DDoS attacks usually swamp a server with traffic and take it offline, making the site completely inaccessible. But it’s still possible to reach komodia.com. Is the company simply claiming DDoS and hiding? That’s unlikely. Darren Anstee, from DDoS expert Arbor Networks, said that sometimes, when sites are under attack, the organisations running them move to using a more simplified page to reduce the load on the server. This might see a site’s graphic content removed or reduced.
In a brief email conversation with Barak Weichselbaum, Komodia’s founder who was once a programmer in Israel’s IDF’s Intelligence Core, he said the company was not hiding behind DDoS claims and that the attack was real. “We had to decide if we focus on it, or on other things, we are busy as you can imagine. I saw on forums people say we’re hiding, the site can be seen from the internet archive, so no point trying to hide anything. Regarding the Lenovo Superfish story I’m unable to comment because of contractual reasons,” he told Forbes.
He said the DDoS saw reams of requests hit the HTTP server, which made the PHP backend code processes “consume all the CPU”. “The static page doesn’t consume CPU with the level of this attack.” He hadn’t responded to further questions on the security implications of his technology.
"Why is Komodia now getting so much attention anyway? Because its hugely intrusive and poorly protected technology is found in many places on the web, according to Marc Rogers, principal security researcher at content delivery network CloudFlare. The technology can be found in various parental control software, including those made by Qustodio and the Israeli firm’s own “Keep My Family Secure” product, and in web filter products across the world. On Weichselbaum’s LinkedIn page, he says: “My biggest vision is to create a world where children can surf the internet safely, and I’m working to see this vision realized.”
Worryingly, it’s very easy to extract and use the encryption key run by Komodia, largely because the password to access all different versions of the certificate is “komodia”. That means malicious hackers can craft their own SSL certificates, which are supposed to guarantee trust, with the Komodia key. They can then intercept people’s internet connections, create fake versions of certain websites and steal their data, as long as targets’ computers trust the Komodia certificates.
“This means that those dodgy certificates aren’t limited to Lenovo laptops sold over a specific date range. It means that anyone who has come into contact with a Komodia product, or who has had some sort of Parental Control software installed on their computer should probably check to see if they are affected,” said Rogers.
“This problem is much bigger than we thought it was.”
Biting the hand that feeds IT
