Question for the more legally-minded among us: Can Lenovo face consequences over this? I mean, they deliberately crippled the security systems of their consumer goods, presumably without properly notifying their customers. That sounds like the kind of thing a company could, or should, get sued for.
Dutch IT lawyers [1] say that Lenovo could be breaching European and Dutch Law. More specifically the "cookie law" which says that explicit permission is needed to change and read data from a user's computer (Lenovo never asked explicit permission). I also hear mentions of breaching the "computer intrusion" law (classifying this as a hack) and even the "communications tapping" law (Lenovo is not licensed to MitM your connections). I do not think a EU class-action or private citizen lawsuit will follow, but perhaps the official institutions can hand out a big fine. However, if Lenovo MitM'ed your connections and you can prove that, that would in principle be enough to get this case in front of a tort judge.
I'm sure they might claim that the user agreed to it, but it's important to remember that EU Data Protection law places limits on what people can agree to. You can store person data if it's proportionate for a cause. MitMing all SSL connections? No way is that proportionate.
In the Lenovo case, probably not. But in the case of an employer-provided system and network intended for business purposes which performs SSL interception for security and data leak prevention? I think it can clearly be considered reasonable for the company to do that, and the user's expectation of privacy is significantly different. I do feel it's important that Acceptable Use Policies, Employee handbooks, etc. disclose the activity though.
Definitely, but no way Lenovo can even get close to the same sort of justification. It's reasonable that my workplace monitor and manage how their network bandwidth is being used. It's not reasonable that Lenovo gets to spy on my specifically encrypted traffic just because I bought a computer from them for personal use.
I don't know Dutch law but I'm interested you say "tort judge" - unauthorised access to computing systems is made a crime in EU. It should be a criminal prosecution.
Didn't they come that way? It's not like they secretly snuck into your house and changed your computer. They sold something broken. It's the difference between going to your house and breaking the latch on your window, vs selling you a window that won't latch.
Adware is not a broken product, it is an illegal scheme to earn profit on other peoples hardware by deliberate deception.
Did they inform their customers in advertisements, in the stores, or in any way that sold devices was being used by Lenovo after sale? Were there a meeting of minds where customers agreed to have their traffic MiTM and have advertisement of Lenovo choice on their device in return for fair compensation? That could have made it legal, but as it stand, no aspects of consumer protection laws, advertisement laws, contract laws, computer crime laws, or data protection laws seemed to have be followed.
They secretly snuck into peoples private property, used a backdoor, and earned profits doing so. They didn't tell anyone for obvious reasons. Had it been a one-man company doing this, then that person would be facing jail time.
Lenovo actively circumvented your security and sold access to your computer to Superfish. If you want to compare it to windows, it's like a security door salesman who sells extra keys to organized crime on the side.
Choice quote:
The settlement requires HTC America to develop and release software patches to fix vulnerabilities found in millions of HTC devices. In addition, the settlement requires HTC America to establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years.
Crippled isn't the word. They broke browser cryptography. The Superfish MitM proxy on the host is validating any cert it gets, even patently bogus ones. As a result it's possible for a networked MitM who is actively going after SSL/TLS traffic to see all traffic with no need to have the Superfish private.
Here's a screenshot of what their MitM proxy provides back to the browser for a compromised connection to Bank of America:
Note that my MitM proxy cert is one gen'd with OpenSSL and is not the Superfish private! While it's cool that the private can be extracted, given the failure of the Superfish software to properly validate the public in the SSL/TLS handshake, the Superfish private isn't something a bad guy needs to get in the middle of encrypted traffic.
Once Lenovo was bought by a chinese company... didn't everyone kind of assume the state of China would use this opportunity to do what the NSA does for American hardware? The extent of the NSA's actions weren't known at the time, but you had to assume China would be less bound by restrictions.
AIUI, the only people who could claim damages in a civil suit are ones that could demonstrate actual costs as a consequence for Lenovo's action.
Maybe the cost of a security audit required as a consequence of this issue might qualify - I don't know. But there would have to be actual costs involved.
They're faster to type, and I suspect I find them more pleasant to read (this is hard to test). AIUI, IIRC and similar are good disclaimers to make, but they're basically boilerplate, and don't need to take up lots of space.
Similarly, compare "(c) 2015 philh" to "this post is copyrighted by philh, as of 2015".
<trivia>
Interestingly enough, (c) 2015 philh does not meet the requirement. You need either the word, copyright, or the actual copyright symbol.
</trivia>
Correct. The Berne Convention did away with 'formalities' like having to register your copyrights in order to hold them. You still need to have a registered copyright to sue for statutory damages in the USA, though.
IANAL but I believe you are correct although you get some extra legal protections by including the notice (which only need include the word or symbol and the name and year). Namely, an infringer cannot claim they did so accidentally... or something like that. FWIW.
That's because you find them obscure. If your community used them more frequently you would just read them in place, like people do with IANAL, LGTM, AFAIK, etc.
Incidentally, I didn't understand this one, but I don't blame OP (oops, I mean 'original poster') for misunderstanding the linguistic norms of HN (hacker news).
They're a significant indicator that you're reading a message from someone who doesn't mind inconveniencing an unknown number of people to gain a negligible benefit for themselves. :) Or, at least, this is what I remind myself when I catch myself using them. Typing is not a hardship. I spend time trying to come up with the absolute clearest way of writing what I'm trying to say, so why would I then take a step backwards (potentially) in clarity just to save myself three seconds of typing?
> AIUI, the only people who could claim damages in a civil suit are ones that could demonstrate actual costs as a consequence for Lenovo's action.
So, basically what you're saying is that I can secretly take nude photos of you (when you're not in a public place), and "enjoy" them (in whichever manner) but not share them with the public, and you can't sue me unless you can demonstrate my actions actually costed you money?
There's a distinction between civil and criminal law, and the post you responded to was only talking about civil law.
I'm no lawyer, but as I understand it, you sue people under civil law for some kind of compensation - for financial loss, loss of reputation, psychological consequences, etc. Your voyeur example would hopefully fall under criminal law, which deals with the things society considers morally wrong. But a criminal trial would be prosecuted by the government, not by you suing.
However, depending on your jurisdiction that may be a crime. In that case, I or the state might be able to prosecute you under criminal law. I don't generally understand that to be within the meaning of "sue" though. And, again in general, criminal conviction leads mainly to punishment rather than reparations to the victims.
Oh, and exceptionally, if I'm your "model" then without me signing an appropriate release I own copyright on your photos, so I may be able to sue you for losses (probably to the value of you buying an equivalent market-rate DVD or something).
> if I'm your "model" then without me signing an appropriate release I own copyright on your photos
You sure about that? AFAIK the copyright is with the creator, i.e. the photographer. Model release is required on for privacy purposes, not for copyright.
That is correct, at least in the USA. Photog owns the copyright upon creation. Model release is required for (certain) uses in publication, but not all - for example, newspapers do not have to get model release from people in photographs used for editorial purposes.
In the United States it's actually the photographer who owns the copyright not the subject. Not positive if this is the case everywhere but I believe it is.
You don't own the copyright without a model release, but, in many (but not all circumstances), you can sue for renumeration if your likeness is used without your permission. With the exception of some work-for-hire scenarios, copyright is always with the creator (but the creator must be human; monkeys don't count[1]).
What about knowingly putting consumers at risk? Suppose you buy a new car from GM and you later find out they've installed worn-out second hand brakes (on purpose, knowingly, and for profit motivation). But you're an old lady that only used the car to drive once a week, at 15mph to a church five blocks from home, so no damage happened. You're telling me that GM couldn't be punished for anything?
Since you mention cars, there is a lot of regulations and laws regarding the production, selling and importing of cars. As such, producing unsafe car is likely a criminal offense, and it would likely be NHTSA who would go after GM.
But in this case, there is good precedence for claim of damages. People has used time it have taken a engineer to investigate, clean, and fix a computer system after a computer intrusion. Even a few hours work will result in several thousands, much more than the laptop itself is worth.
In the US, at least, you must have "standing" to sue someone. That means that you have to demonstrate damages.
Those damages may be minor -- you don't have to have killed anyone -- but they have to exist.
If, in your example, GM only installed the worn out brakes on that one car, and the worn-out brakes never caused any damages, then no, GM cannot be sued for it.
Note that "I had to pay a mechanic to replace the brakes" is damages.
I am not a lawyer, this is not legal advice, I may be wrong, etc.
In UK, as I understand it, unauthorised access to computers and networks/communications under the Computer Misuse Act is a strict liability situation: you only have to do it to break the law, no harm needs to be shown. MitM-ing my connection would be unauthorised access. It's a crime.
There is also negligence. Like in the original case [1] where a woman got ill and suffered emotional distress after drinking bottled ginger beer with a decomposing snail in it. Even though the manufacturer had no intent to sell "snail beer" -- a consumer has a trust relationship with them: in exchange for money they can reasonably expect the manufacturer to take enough care not to bug them.
The offence of unauthorised access requires proof of two mens rea elements, (see section 4 CMA):
(1) there must be knowledge that the intended access was unauthorised; and
(2) there must have been an intention to obtain information about a program or data held in a computer - section 1(2) CMA.
See also http://www.legislation.gov.uk/ukpga/1990/18 - the current unauthorised intercept of data, installation of a MitM system appears to be an offence under inter alia Section 1, 2 and 3 separately.
Anybody can file any kind of lawsuit. If you can't demonstrate harm to the person filing (with a few exceptions) that lawsuit will be tossed right out, though.
So while individuals have been charged with numerous hacking charges and potentially decades in jail time for mundane things, such as obtaining plain text info and port scans.
Lenovo which actually facilitated breaking ssl security on all of their customer computers is going to get away scot-free?
"Ladies and gentlemen of the jury. We will show you how the defendant used the notorious hacker tool known as 'strings' to facilitate his vendetta against Lenovo."
This. I've recently begun anonymously reporting HIPAA violations in FLEX pager systems. Unfortunately the act of demodulating these unencrypted signals easily obtained with a $5 SDR potentially constitutes a felony. This absolutely terrifies me.
Yup. There's a very real aspect of neo-aristocracy happening right now in that the law is not applied equally to all entities. Just look at the HSBC money laundering case as the perfect example. If an individual is caught in a drug money laundering scheme they go to prison for a very long time. If a major multinational bank is caught laundering literally billions in drug trafficking revenues then they get slapped with a comparatively modest fine and everything is swept under the table. Same deal if Joe Schmo doesn't pay taxes versus some major politician.
>If a major multinational bank is caught laundering literally billions in drug trafficking revenues //
That of course should read "If the personnel at a major multinational bank ..." - it's those who created and authorised the scheme, real actual people, that are getting off. It's not a vacuous idea of a corporation, the corporation didn't commit the crimes, people did.
Other than that, yes, powerful millionaires don't get put in prison for scamming the demos. Prison is only for the proles it seems.
Yes, exactly, that was my meaning. People have some weird ideas about corporations these days, but there are people behind those actions. There were people, lots of them, who knowingly broke the law, laws that would get ordinary folks thrown in prison for a period of time that would have a high probability of lasting the rest of their lives. But because it was carried out through the auspices of a major multinational bank that was "too big to fail" those people eluded punishment.
Similarly, if you or I were to install a MITM proxy that intercepted ssl traffic on someone else's laptop we would see the full weight of the criminal justice system rain down on us. But when a big company does it systematically they will almost certainly escape virtually scott free.
Lenovo is a Chinese company. If you move to China and get backing from the Chinese government, then yes, you can hack into US computers and get away with it scot-free. (Alternatively, if you stay in the US and join the NSA, you can get away with hacking into Chinese computers scot-free.)
That's not how the law works for multinational corporations - they are accountable to the laws in the nation in which they conduct business (which isn't to say they will be persecuted).
"WASHINGTON-The Canadian government has delivered a scathing response to a $500 million lawsuit from the American pharmaceutical industry, dissecting the intellectual-property practices of the company that launched the case.
.. Eli Lilly had filed for 12 separate patents between 1992 and 2004 claiming it could treat psoriasis, stuttering, incontinence, hot flashes, anxiety, learning disabilities, tic disorders and, finally, ADHD.
.. “Canadian law does not grant patents for almost-inventions,” said the submission. “Even if the applicant’s speculation at the time of filing is later confirmed.”
.. The Canadian government shrugged off its appearance as the only G7 country on last year’s U.S. Trade Representative watchlist. It described the list as a bunch of allegations from U.S. companies, published by the U.S. government."
Interestingly, for users who are running the Superfish software there's no need for a MitM to have the private certificate as the Superfish MitM proxy is validating any cert. I have a screenshot here: http://defaultstore.com/four.png of it validating my MitM proxy cert. To be clear, I'm in the middle of the TLS connection from Bank of America thanks to Superfish not denying the bogus cert I provided.
If you have Superfish and want to validate this behavior for yourself, you can visit https://defaultstore.com/ and watch it accept an expired cert. Given this situation the Chrome team and others should without a doubt treat the cert as revoked.
It's likely a lot of people are still running that software. I bought a Lenovo Yoga 2 11 today and it had Superfish installed by default and all my connections are MitM'd on that machine.
UPDATE: if the cert is revoked, it will likely leave a lot of people unable to browse the web. It would be nice if the revocation process in Chrome could provide users with instructions on how to remove the software.
>To be clear - we will still define how to use HTTP/2.0 with http:// URIs, because in some use cases, an implementer may make an informed choice to use the protocol without encryption. However, for the common case -- browsing the open Web -- you'll need to use https:// URIs and if you want to use the newest version of HTTP.
Someone explain to me when "an informed choice" would ever come to the conclusion of, "Encryption? Not Necessary!"
> Someone explain to me when "an informed choice" would ever come to the conclusion of, "Encryption? Not Necessary!"
I've been informed that encrypted web traffic costs money for the certificate and for additional server hardware. Thus I made the informed choice to use HTTP/2.0 without encryption.
>encrypted web traffic costs money for the certificate and for additional server hardware
1.) You can make and self sign your own cert. As another poster pointed out, there's also distributed solutions.
2.) When we let standards that are going to be in-place for at least a decade be manipulated by the hardware costs at their inception, it's a bad standard.
Unencrypted HTTP/2 is for host-internal communication, ie. between app servers and public endpoints. Firefox and Chrome are both only going to support HTTPS for HTTP/2.
90% of the time the desirable quality of TLS traffic is authentication of the server, not encryption. Encryption only really comes handy when confidential information and authentication credentials get exchanged.
Now if you provide authentication by other means, and confidentiality of the traffic not important, plain text protocols make sense because it enables caching proxy.
Typical use case: software updates distributed as signed packages. The information isn't very confidential, and using plain HTTP enables the usage of a caching local proxy.
> 90% of the time the desirable quality of TLS traffic is authentication of the server, not encryption.
Authentication of the server is not sufficient, you also have to authenticate every message as having a valid checksum and signature.
>Typical use case: software updates distributed as signed packages
This is a specific use-case because the package checksums are verified before any of the code is executed (unlike injected javascript to webpages). Also the checksum is usually obtained from the package server, so if SSL is broken the checksum can be spoofed as well.
> Do you perhaps mean "cryptography" rather than "encryption"?
That's true the poster said authentication of the server, if you sign every message cryptographically, you'll be able to detect message tampering. I should edit that.
>Encryption only really comes handy when confidential information and authentication credentials get exchanged.
It's 2015 and we have quad-core processors in phones that are faster than my laptop. What reason can anyone possibly have to not at least strive to encrypt everything? When is it advantageous to not encrypt?
That page is scary reading. They’re actively selling their product as resistant to AV software and warning that it might be targeted by Google/Microsoft in the future.
Yep, I was just thinking the same thing. Pretty horrifying to read "The SDK has anti virus capabilities and each compiled version generates a totally new version" and realize that a major PC OEM knowingly installed this on new systems. It's malware in every sense of the word.
Technically they're saying that their competitors might be targeted by Google/Microsoft. But yes, it's messed up that a company is openly advertising their malware product like this.
Sadly it allows anyone, not just "you" to modify SSL/TLS traffic since the Superfish MitM proxy is validating any cert. I have a screenshot here: http://defaultstore.com/four.png of it validating my transparent network MitM proxy provided cert and showing the lock in the address bar.
SSL interceptors are typically marketed for corporate use, where the company installs a Root CA certificate into it's employee's computers (the company owns the computers after all). Nothing illegal about a company modifying a computer they own and/or monitoring traffic on their own network.
There is a way how to identify MITM on HTTPS connection. If you are using SSL cert authentication via HTTPS, than it stops working, because browser (at least my FF) will not know that it should send a client cert to server and you can not 'login' (not analyzed it deeply)...
I discovered it when I'be bought Lenovo Yoga2 Pro in December, and I could not login to my site that is using SSL cert authentication. Google than recommended me to remove SuperFish...
I believe the intent of the parent poster was actually correct. SSL client certificates [1] are a way to securely authenticate (i.e. login) by using a certificate which you control the key to in addition to the normal SSL certificate for the website.
An over-simplified example: if Alice (A), a client with web browser on a compromised computer, wants to access the BigCorp website (B) she sends a challenge, such as a random string, to B, and B sends back the challenge encrypted with the BigCorp SSL certificate. Alice's browser verifies that the signature corresponds to a valid certificate, which it does because BigCorp's certificate is legitimate and signed by a legitimate CA, and then Alice's web browser and the web server negotiate a session key to use for SSL.
If we introduce an attacker, Eve (E), to this, who has the key to a trusted certificate on Alice's machine, Eve can intercept Alice's original challenge and send back an answer to that using the trusted certificate, which Alice thinks is genuine because the certificate is valid in her browser. This is where certificate pinning helps, since if Alice has visited the site before, the certificate does not match and she gets an error. After the negotiation, Eve then has a session key to both A and B, and any data that A sends, Eve decrypts and re-encrypts with the session key for B, passing it seamlessly onto B, and vice versa for traffic going the other way.
SSL client certificates break for a MITM attack for a different reason. When Alice is using an SSL client certificate to authenticate herself, she has her own certificate on her machine which she knows the private key to (it can even be self-signed). The web server knows Alice's public key (stored like a password hash in a database), and can therefore perform a similar challenge for Alice. When Eve intercepts this challenge, she cannot send a valid response back to the server, as the only valid key for Alice's account is stored on Alice's computer. Therefore, sites that let you sign in with an SSL client certificate often just stop working when you are being MITM'd.
I've been hoping for years people would wake up to the risks of these things.
I presented on the topic at Blackhat Europe a few years back, where I disclosed several certificate validation flaws in Cisco Ironport. I understand there's legitimate reasons for enterprises to want to decrypt and inspect TLS connections, but it's not without it's risks and downsides.
Good set of slides. Companies are more likely to be afraid of the other risk, which is why SSL interception is used - when malware makes use of it to avoid detection.
Security cuts both ways. I think the most important point is that the user should be in control of the traffic, which means knowing whether or not interception is being used.
Yeah, it's a balancing act, and there's certainly a desire (and probably even a legitimate need) to monitor encrypted comms for malware C&C channels, data exfiltration, etc.
Your view seems to reflect a similar nuance as my own. Administrators need to weigh the risks and benefits as it relates to their own environment, and users should at least be aware that such monitoring is taking place. Beyond that, there's some technical challenges, but I see the bigger issues as political and expectation vs. reality alignment.
Those kind of monolithic network security systems see to be intrinsically pointless. If a user can run code on the machine then they can probably get around the network level security. So any implementation is dependant on AV software preventing circumvention. At that point you might as well install the tracking/filtering software on the local machine.
No. Network level security, if correctly installed, cannot be avoided by just running some code on your local workstation. If you have it installed on the station itself, then it is easier to avoid by just shutting it down. Also network based security can isolate workstations that are suspicious.
And your 'monolithic' is a symptom of architecture, that is either outdated ("not hipster") or just bad. But that does not mean that someone can't build hipster and good network level security. I guess, Google does not buy that off the shelf.
>> No. Network level security, if correctly installed, cannot be avoided by just running some code on your local workstation.
Don't you have to intercept/reject TLS to make that workable? Otherwise the user (or malware) can upload or download anything and all you see at the network level is a destination IP address. If a user has admin rights (which is common in corporate environments) then they can install software which can mimic a browser using HTTPS.
At the network level it is difficult to identify what program generated a request and which user was running that program. I am very sceptical of the heuristic approaches that try and solve this problem (Palo Alto App-ID for example) that display quite shocking emergent properties.
Surely it is technically preferable to track network requests within the OS and browser where you can actually get at information reliably without any hocus pocus. If a user can avoid it by just "shutting it down" then they can also remove the AV, connect to a proxy and spend the afternoon uploading client lists to a porn site.
Yes, the proxy has to offload the original TLS connection in order to do that. And the network owner must deploy its own certificate to the clients.
The whole X.509 infrastructure is based on trust. You have to trust your certificate store, the certificates, the network and its components and CAs need to trust those who request certificates. If you have to use a network that uses a proxy, you have to trust it aswell. If you do not, then just do not use it or at least don't do your online banking over that network (or use a VPN if allowed (sigh)). So a good network security deployment is not only well maintained, but also transparent to its users on what it does. The user must have a choice on whether a network is trustworthy or not.
The problem with SuperFish is that it shipped not only the root certificate, but the private key to sign new certificates on the fly. And the user was not informed about it and not given a choice. This is the problem here.
Most clients I worked for provided me with a separate network for unfiltered internet access (guest networks) in which I used a VPN to a network which I trusted. I was given a choice.
Edit: A thing that bugs me often is when I see a network proxy that does not use TLS for the proxy connections. Unfortunately that is happening in the majority of networks, I see. And that affects my trust, so I rather avoid accessing certain services when I cannot have my VPN.
I guess that corporations need lots of network level security because they have so much unencrypted sensitive data on their networks which places a lot of implicit trust in that network.
That is true. That is why attackers (like the NSA) would be happy to infiltrate routers (less changes from the outside like administrators) instead of clients (more changes). A proxy is a quality target, too. But a proxy is also more visible and tampering is usually easier/faster to detect. Corporations need to TLS and/or message encrypt everything. But that is often not priced into (project) budgets and a hard thing to do (key exchange, managing certificates).
That is possible. But that depends on how TLS clients approve wildcard certificates. Wildcard certificates are considered harmful. And AFAIK, browsers will not accept 'star.star' (correct me if I'm wrong). So if I host a MITM proxy, I at least use FQDNs as subjects. It also works better with revocation lists/protocols.
An example for why wildcard certificates are bad is Microsoft. A couple of years ago, they had problems with subdomains which delivered malicious code through hijacked web pages that were hosted on those domains. Microsoft used a wildcard certificate...
I don't see a problem with those solutions that protect networks, if the users know about it. The alternative would be to have no Internet access at all in order to lower risks of loading malicious content.
I see problems with them as well. There's the security risk that the products might have vulnerabilities that expose end users. Secondly, they may cause other problems that are not security problems. For instance, I have experience of a solution where HTTPS proxy mangles AJAX stuff that goes over HTTPS. This will cause very weird problems that are hard to debug.
Here the problem is not that the proxy would be trying to insert advertisements to the content. Just changing IP addresses within AJAX content may break functionality in nasty ways. For instance, so that things work with some browser and not another one, or reuiqre a particular engine setting in MSIE11, or some such. There is no problem in the service itself, but the service gets the blame because people can't think that a Cisco product in between might be the cause.
Of course there are security implications with central services like an enterprise-grade proxy. And anyone using such a solution must do the best to keep it secure. It is all a question of probability and of costs. I bet, most vendors of such solutions will do their best to protect them and their customers. So a network security solution that might have a exploitable hole in a period of time is better than none.
I've been working my entire career for large companies. I've experienced many solutions and I cannot remember one technical problem that was caused by network security, other than "InsertYourSocialNetworkOrBinary was denied by SecurityRuleXYZ". At several companies I had to sign a paper that informed me about the security implications and my duties when using the companie's Internet/network access.
I have also worked for larger companies, mostly, and within them I have actually experienced many technical problems caused by network security solutions.
HTTPS man-in-the-middle proxying is one particular scourge that causes weird things - the problem reports being of the kind that in a completely legitimate and intended use case, "Chrome works, MSIE does not".
"Barak Weichselbaum founded Komodia, Inc. in 2000, following his military service as a programmer in the IDF’s Intelligence Core." https://twitter.com/idfspokesperson
This shouldn't be a surprise. As military service is mandatory, virtually every single Israeli company has been founded by someone who did some times, and the most tech savvy people usually end up in the intelligence stuff.
I was just browsing some pages on the Lenovo forums where users were complaining about SuperFish (some from January, one updated complaint from today). I refreshed a page and received a message stating that the forums are down for maintenance. Either this is damage control or the forum provider (Lithium?) was ill-provisioned for the current level of traffic.
Question: how does it work if user goes to the page which has invalid / self-signed certificate? Does proxy sign the altered page with the same certificate as others, thus making the warning go away? This would leave you open to other parties' MITM attacks too (because warnings are silently ignored).
Or do they leave the page intact if the page certificate is not legit?
If the private key/certificate really is the same for every installation of superfish, it would be interesting to investigate whether the the key is shared by all the other customers of the SSL interceptor as well. Their references mention Barracuda Networks and Astrill, for example.
As someone who used to work for a Barracuda competitor and would love to spill some hot soup on them, I'm very confident in saying: no way. Even if they were dumb and incompetent enough for this (they aren't), enough of their customers are savvy enough to demand they change it.
It wouldn't delay the page load time, so it doesn't seem like it would be slow or very noticeable. As a user, at most you'd notice ads popping up a few seconds after the page loaded. But users without adblock are used to such things. And as long as the adware reserves a blank space on the page to display ads, the ads won't mess with the layout of the page when they load.
EDIT: Why has this been downvoted twice? It's absolutely correct.
It's a strange day when you post something unambiguously true to HN and it gets summarily downvoted.
The only part that isn't unambiguously true is that "most users without adblock are used to such behavior already." But I stand by that phrase, because "most users" are people who understand almost nothing about about computers.
Remember, downvotes are reserved for trolls and people you disagree with, not something which you think is "maybe untrue but I don't know whether it's true." I've complained in the past about having to write epic edits because people don't follow this so I have to explain myself further.
Maybe you want more explanation about how precisely the above MITM would work? Here's how: The page loads. This completes normally, and the user doesn't see anything differently. In the meantime, Superfish reads the network traffic that has loaded. It also has injected some javascript in order to reserve a spot on the page to display ads. This would be a big blank space where the ads go after they load.
Now the network traffic is sent off to China or wherever. It's analyzed on a server, then the server sends back commands to Superfish about what to do, like "Display ad 91234128 at X,Y spot on the webpage."
The total roundtrip time would be no more than a few seconds. China isn't the moon. Half the speed of light is fast.
Thank you for the lecture on downvotes. You are 100% wrong because we are discussing the presence of the private key. Your scenario imagines an intelligent proxy that interacts with China intelligently. In that scenario the private key remains on the end user machine to enable low latency as you describe. The upthread poster presented the scenario wherein the key is not distributed on end user machines for security reasons, but that then means the key must live on the theoretical server in China (otherwise how else would you encrypt a connection against your certificate), which would require passing the entire TLS connection through that server to perform the MITM.
This subthread is about private key distribution. It's really poor form for you to react to being downvoted (as legitimately wrong) by lengthening your comment by a factor of 5 and lecturing people about downvotes.
No, you don't need to pass the TLS connection to China to perform an MITM. Superfish would generate a cert at installation time, unique to the specific user that was being targeted. The channel back to China would be protected by TLS too, but it wouldn't be MITM'able by anyone except Superfish HQ, unless they lose their private key.
I disagree that it's poor form to react to downvotes when they're wholly unjustified. Maybe I did a bad job explaining myself. In that case, I should explain myself better. That's a positive thing, not a negative. Reddit has this stupid trope like "Complaining about downvotes? That's a paddlin'." Which if you think about it just a self-reinforcing culture of bandwagoning. But I imagine that this is now entirely offtopic and boring, so let's focus on the tech.
Again, irrelevant. This thread isn't "sillysaurus3 imagines how he would implement the perfect proxy," it's correcting an assumption about the actual existing proxy. I suggest if you want to pursue your off topic study of how to implement a proxy that doesn't introduce latency while performing the functionality, you do it elsewhere.
You should also read the HN guidelines before explaining downvote etiquette to me, because they will surprise you, apparently.
Why should I do it elsewhere? This is a thread about an interesting tech topic, and maybe some people might find that aspect interesting. This is the last comment I'm going to write to you because this is now wholly uninteresting to readers. I'll never understand this mindset of "Oh, well, there might be a misunderstanding here, but rather than clarify it calmly and rationally, I'll take this as a license to be angry and mean."
Who cares if someone thought that the proxy was going to work like X, but it turned out to work like Y? What matters is that if it can work like Z, then Z should be pointed out, especially if it enables some interesting aspect that people previously hadn't noticed. Anyway, you've successfully killed the fun of HN for me for the day, so see you later.
It says a lot about you that you think a calm explanation of your downvotes, as you are plainly in hysterics over them, is me being angry and mean. I meant elsewhere in the thread. You corrected someone who was correcting someone else, and you were wrong about the spirit of your correction. I was calmly suggesting that if you want to think through such a hypothetical you shouldn't do it as a misplaced correction.
You really need to unplug for a bit. I'm dead serious.
Your post is off topic and misses the point entirely which is why you are being down voted. Routing all http traffic to China and back would certainly introduce noticeable delay in page load times.
That wouldn't avoid storing the key on the local machine, since the MITM server still needs to be on the local proxy.
I have no idea why you're chasing this thing. The gist of nailer's original post was asking why the private key was accessible. Whether the local proxy talked to a box in China or not seems completely irrelevant.
Is it good or bad that they made no attempt at all to obfuscate the cert and password? I mean, obviously this whole stupid MitM attempt is stupid, but by leaving this stuff totally in the clear, can they claim to have done all this out of stupidity rather than out of a callous disregard for the security of their customers?
But if you look at what Komodia says on that page regarding anti-virus:
"The SDK has anti virus capabilities and each compiled version generates a totally new version."
it's pretty clear they know this is something that most people would consider to be malware rather than just run of the mill adware. So the blatant disregard for users appears pretty malicious.
Useless. What would have been valuable would have been to generate a random private key at installation time. As it stands, it seems like the private key extracted can be used to mitm all Lenovo users.
Some ad-removing proxies (basically the exact opposite of Superfish?) and antivirus need to do MITM on SSL as otherwise they would be completely ineffective against ads or malware served via SSL.
> otherwise they would be completely ineffective against ads or malware served via SSL.
That's certainly false. HTTPS does not encode the routing headers, so it's still possible to block all traffic foreign to the host (or coming from a list of suspected malaware/add domains) without decoding the packets.
a) You block post and get requests that go to external domain's which are either blacklisted or non-whitelisted.
a) services hosted on AWS still have specific ips or ip ranges tied to domain names, so even if doubleclick is hosted on AWS there should be no problem ban-listing it.
example:
HTTPSwitchboard works quite well with some tuning without any MiTM proxying - as a matter of fact, I'm not sure what you would even gain from MiTM proxying, if an authenticated host wants to serve you malicious content they don't need to cross-domain reference, and you won't be able to distinguish it from non-malicious content.
Proxying and decoding content at some point prior to final destination may be useful in certain very specific cases, but generally it's unnecessary and leads to more dangerous failure modes. So far I haven't seen a typical use-case for it explained, which cannot be achieved with other methods.
if an authenticated host wants to serve you malicious content they don't need to cross-domain reference, and you won't be able to distinguish it from non-malicious content.
The point is that the MITM proxy can scan the traffic for malicious content and block it before e.g. it reaches a browser. HTTPSwitchboard works only in the browser, but that might be too late if it's a browser exploit on a new domain... or a browser that you cannot modify easily, like the embedded ones in various "smart" devices.
> The point is that the MITM proxy can scan the traffic for malicious content and block it before e.g. it reaches a browser.
The difficulty is identifying the malicious traffic in an automated way, your own machine can scan it to - but most likely your browser is already patched for known vulnerabilities (maybe if someone is still running old IE versions in your office this could be beneficial).
Secondly, you don't need to proxy to scan malicious sites, if you have a dedicated machine (or third-party service) that sees an outgoing request and if the address is not in it's safe-list, it tests that request by duplicating it (you can have a netfilter hook in your firewall blocking packets from 'non-safe' sites or delaying for validation from the dedicated device/service). This doesn't require a MiTM proxy in the SSL connection.
The SSL connection MiTM as far as I understand is only necessary if you want to check for malicious data being injected into an authenticated, non-publicly accessible site or form. Having one dedicated device which is re-routing office traffic through it's own SSL cert means that if that single device is compromised, so is the entire network.
Is it true that an antivirus program like Microsoft Security Essentials installs a cert into the system cert store in order to MITM all network traffic?
They added a password to the private key which they didn't have to, so it's not true that they didn't attempt to obfuscate it at all. In practice that only bought them a couple of hours at most, but why add a password unless you're trying to stop people from using it?
If you subscribe to the idea that you shouldn't assume malice when stupidity suffices, maybe the programmer in question just saw somewhere that it's good practice to use a password on private keys, and didn't understand why you do it or how it helps.
Yeah that's another point for the "don't blame us because we're stupid" argument. They're actually so stupid that they use a password, that's stored in the same place as the cert. If they used any of the standard anti-reversing techniques, that would have implied enough sophistication to be expected to know how TLS certs work, thus enough sophistication to know to just generate new certs on first use. One would have expected Commodea to make this automatic for their poor stupid customers, however.
This is not likely to be possible. Rob Graham was able to do it for Superfish because the SSL interceptor resides on the same machine as the browser, meaning that the private key is accessible to anyone who installs Superfish.
By contrast, the GoGo interceptor is going to be a computer somewhere either on the plane or possibly on the ground (at some GoGo data center), meaning that its private key isn't accessible unless you can somehow gain access to the interceptor system.
I think there is one more party involved here that no one talks about. Microsoft! Sooner or later Microsoft will have to reconsider their partnership with hardware manufactures such as Lenovo for consumer products.
Too much of choice and too much of competition has made consumer PC laptops shopping an unpleasant experience. Windows Surface Pro 3 however is an amazing device. In my opinion Microsoft should now come with their own laptops made by MS well integrated with Windows Phones, Xbox and Band.
Keller Rohrback L.L.P is taking the opportunity to get in the spotlight by investigating possible claims [0][1]. Would be interesting to see the how it evolves.
Looking at Komodias webpage, Lenovo could have a hard time defending that they did not know about its possible SSL interception. Failing to understand the impact is Negligence, at least. I would argue that decrypting the traffic is as intended by Lenovo.
To be honest if you purchased a consumer grade Lenovo machine then malware is the least of your concerns. That thing will be a paper weight within a year.
They're like the "Gateway" laptops of yesteryear. Thinkpad is still "fine" but Lenovo's consumer stuff is utter junk of the highest order.
Source: Worked at a startup which purchased consumer laptops (shudder). Asus were "fine," Acer/Dell was "ok," Lenovo were horrifying, only being beaten by an unbranded laptop we had.
So I'd highly recommend avoiding Lenovo's stuff unless it is a Thinkpad.
Not sure about current practices, but their support here in Australia was awful in the late 2000s. They wouldn't even talk to you on the phone unless you fronted $55. "All I want ask is if you have online documentation and where, I don't want troubleshooting" -> Nope, $55 before we answer that. Screw supporting that model.
That is normal protocol for any new PC I buy. The crapware that PC manufacturers don't even bother trying to hide like antivirus, photo management, browser helpers etc... always warrants an OS wipe after unboxing.
If my next laptop isn't from Apple it will be one I can buy from Microsoft directly where they don't install any of that garbage.
Can anyone verify if this is also on Chromebook? I just noticed today after I did a google search on my girlfriend's laptop, a few seconds later a section appeared called "Visual Results" she has the Chromebook Toshiba 1080p. This would be insane if in fact it is the same MiTM.
Are google or other browser vendors looking at ways of combatting this in the future. Would it be a massive privacy invasion to send back root cert details to the browser vendor so they can identify suspicious root certificates.
It might be nice for browsers to flag locally installed root certificates and give some kind of visual indication to users but I'm not even sure how easy this is to do because a lot of browsers use the system roots and don't control the roots directly. its easy to identify the extra certs when you control the original roots.
also apparently this doesn't go down too well with corporate users who want to install extra private roots for internal services or for MITM.
If Chrome implemented better cert checks, Lenovo (or anyone else) could just install their own version of ''Chromium, enhanced by Superfish'' for users and push them there instead. Who do we turn to then, Microsoft? (No thanks.) The party at fault here is Lenovo; I would be cautious to blame the tools they used. Also keep in mind there are many white hat uses for MITM SSL packet manipulation. If you lock down all the tools, pretty soon you end up with a walled garden controlled by very few parties (who then pull crap like this in the end anyway, with slightly better spin/PR).
I hope tons of other computers, not just Lenovo's, that have Superfish will also be using the same certificate that's now compromised. Need more shit in the fan toward these guys.
Unless I am missing something, the only traffic you can decrypt is between the browser and the proxy which is localhost, not the proxy and the website(traffic you see on the wire).
Code is not the only sort of thing with an optimal chunk size. Languages and APIs (such as sets of library or system calls) run up against the same sorts of human cognitive constraints that produce Hatton's U-curve.
Accordingly, Unix programmers have learned to think very hard about two other properties when designing APIs, command sets, protocols, and other ways to make computers do tricks: compactness and orthogonality.
Racism? Webster's definition[0] of ghetto (and that of any other respectable dictionary) makes no reference to any particular race. Would the phrase "the poor man's solution is to run strings" also be racist, by your logic?
[0] a part of a city in which members of a particular group or race live usually in poor conditions; the poorest part of a city
In the US for the past many decades the word "ghetto" has referred to qualities associated with poor urban american neighborhoods, specifically black neighborhoods, and only has a historical connection to jewish ghettos.
And people scoff at the idea of buying an Apple laptop.
Lenovo used to be championed around as the best competitor because of it's hardware, but this comes to light: What do you say to that? For the past 5 years Apple has had the best laptops in the world hands down.
Except quite a few of us can't stand them for various reasons:
* the os does not feel practical (menu bar on only one screen? No universal home/end? No universal way to jump/select words like (ctrl + ->, ctrl + shift + -> on Windows and Linux)
* non-standard keyboard layout, no way to adjust it (specifically fn/end)
Mind you, I am a fan of Macs and recommend friends trying them but I don't want one as long as I cannot afford one laptop for work and another for photos and stuff.
Plus the macbooks get stupidly hot. Closest I've felt was some junk HP. The keyboard is a joke. The clickpad is annoying. It's obviously all form over function.
The screen's fantastic, and I guess some people like the shiny metal look. It's got decent hardware, and lots of video out ports. Except, no TPM or other secure storage. And they don't see to take the "let's expose PCIe on outside ports" problem seriously.
Unfortunately, Lenovo is running after them blindly, destroying the work IBM has done on the ThinkPad. I suppose there just aren't enough users with $$$$ to spend to counter the trendy shoppers.
FWIW, OS X has a menu bar on every screen since 10.9, and you can indeed jump/select words, just substitute Option in place of Control (always been that way AFAIK).
What's "the standard" keyboard layout? Looking forward to that one. :)
> FWIW, OS X has a menu bar on every screen since 10.9,
Good. About time should we say? I left Apple three years ago.
> and you can indeed jump/select words, just substitute Option in place of Control (always been that way AFAIK).
Except if you use another application, then you have to use CMD or fn. But careful, cause in a third application that is a substitute for home/end.
> What's "the standard" keyboard layout? Looking forward to that one. :)
It's easier to tell when someone breaks it:
* Adding shortcut keys on the sides of the keyboard so that I end up starting 5 calculators. (my wifes hp compaq)
* Not putting ctrl in the lower left corner, nor letting me remap it, causing frustration every time I move from the full size Apple keyboard to the laptop or between almost any other machine and an Macbook. (Some thinkpads fails here but at least then you can change it in bios.)
* not having home and end keys nor any consistent way of replacing them.
Again I'm an Apple fan and I am happy that they saved us from older Windows phones but it is not for everyone.
Apple hardware is pretty solid but I have never really gotten used to OSX. I do most of my work in the terminal, Chrome and Sublime Text, and each time I bring up Finder I am sorely reminded of how much I miss Explorer.
>[strings] is an ancient (mid-1980s) program that simple extracts human readable strings out of a binary file, discarding the rest. It's really a stupid simple program.
Nothing he said discounts what you added. You should have just said "be careful with strings" and linked your link, rather than making some vague hand waving correction which wasn't...
It's not a complicated thing it does at all: it uses the standard system facilities for opening an object file to scan through the data section instead of the entire file. In the '80s, it used a.out format, which was dead simple. Today, GNU strings uses the GNU libbfd library, which is quite a bit more complicated, although the fundamental process of parsing an ELF file is also not that complicated.
The actual problem here is that such a dumb simple task as parsing an ELF file isn't something you'll do without vulnerabilities, if you're not paying attention to vulnerabilities. Run `man elf` on your favorite Linux system, and you'll see docs of <elf.h>, which you can use to read ELF files. Write something to just dump the text section -- it shouldn't take you more than like 30 lines of C. Then tell me how many integer overflows you managed to squeeze in those 30 lines. :)
It's worth noting though that this article used the MS/Sysinternals version of strings and not the binutils version in most Linux distros. The Sysinternals version is unlikely to be parsing ELF and the like.
(One quick test: try "strings -n 2 cmd.exe" and see if the output starts with MZ.)
Then again, he did let the 'malware' infect himself. (Ghetto reversing as he calls it.) I'm pretty sure it wouldn't be a big deal if strings failed... but you still have a good point!
While the blogpost is interesting, I am skeptical of the author's claim that the recovered private key may be used for decrypting user data transmitted over the wire, since private keys cannot be used for encrypting data sent to somebody else.
What it can all do by itself is to decrypt data sent from others, or to digitally sign some data.
I would suspect that the bundled private key was used for digitally signing data to show that it was actually generated by the software. The approach is not perfect (since the private key may get decrypted as the author did), but in general it would work effectively for kicking out third party software.
If the developer's intention was to encrypt the data transferred through the public network, then he/she should have used TLS with server-side authentication, with optionally using clear-text credentials transmitted over the encrypted channel to authenticate the software (e.g. basic authentication over HTTPS).
If it gets proved that private information could be decrypted from data transmitted over the public network by using the recovered private key, then this would be an interesting case of misusing public-key cryptography.
It is true that the software is used for MITM. It is true that _Superfish_ is in the middle, decrypting the communication.
OTOH the author claimed that it might be likely for _others_ as well to possibly MITM the communication, by using the recovered key. My comment is that such a situation is unlikely under the premise that the public-key encryption technology was used correctly (from technical standpoint, not ethical).
EDIT: Even if it was the case that the recovered private key was used by the MITM server running locally for communicating with the web browsers, it wouldn't mean that others could use the key to decrypt data transmitted over the wire by using the key, since all the communication encrypted by the key would terminate within the local machine.
EDIT2: Ah sorry, now I understand. The root certificate installed by the adware was using the recovered private key. That would mean that others can MITM the communication by DNS spoofing, etc. together with a server certificate signed with the recoverd key.