
Tuesday, February 24, 2015

More Bad Fish

In light of the recent news that Lenovo was bundling Superfish, which can really only be fairly described as malware, a host of similar threats have been found in popular Windows software, including big names in anti-virus AVG and Comodo.


There are very good write-ups here and here so I won't bother going into details, but suffice it to say that companies that should have known better, and placed themselves as authorities of trust, have put profits ahead of their customers' best interests.

So what is a Windows user to do?

Note: At this time it appears this only affects Windows users, but it doesn't hurt to check the site even if you use a different operating system.

First, go to this website: https://filippo.io/Badfish/
If you have Superfish or any of the similar HTTPS-Hijacking malware installed on your machine, this check will probably find it.  It is quick, safe and you do not need to install anything.
If you do have a vulnerability on your machine, it will help you with instructions on how to remove it.

Second, if you have AVG anti-virus by LavaSoft (which I have previously recommended) or Comodo PrivDog, I am recommending that you uninstall them.  In my opinion, they are no longer trustworthy programs.
As a good replacement at this time, I am recommending MalwareBytes.  They have a free version for home users that will cover the basics and a premium version for a reasonable fee.

And finally, a couple good reminders for us all:

  1. Even if you have anti-virus/anti-malware software installed, you still need to be careful downloading software from the internet!  Most of these tainted programs were available from Download.com and CNET, which are not inherently safe.
  2. When visiting sites that should be secure (financial, healthcare, etc.) type in the URL yourself. NEVER click on a link in an email to take you to a sensitive website.  This exploit has taught us that we cannot place complete trust in the padlock icon in our browser.  A good password manager such as LastPass can also help keep you from falling for fake URLs.

Related:  If you are fed up with Windows, give some thought to making the switch to Linux.  It is a lot easier and familiar than it used to be.  Watch for future posts detailing my transition.  My current operating system of choice is Lubuntu.

Thanks for reading and be safe out there.  The internet is a wild place!

Alex

Alex Fraundorf is a web application programmer and web security consultant with Snap Programming.

Disclaimer: The advice in this blog is safe and checked to the best of my ability, but it is provided AS-IS with no warranty expressed or implied.  That's why it is free!  Unless otherwise noted, all opinions are my own, do not reflect those of my employer/associates and have not been influenced by any form of compensation.


Thursday, February 19, 2015

Bad Move Lenovo

Shortcut: If you just want to see if this is something you have to worry about for your computer, skip down to the heading "So here is what to do to see if your device is vulnerable" near the bottom.

If you own a Lenovo brand laptop, you might have a problem.  If you are thinking of buying one, stop and read this first!

Recently Lenovo decided to pre-install their laptops with a program called Superfish, which in a nutshell acts as the guard dog telling you that a website's secure certificate (the thing that makes the "https://" in the address bar) is legit.

Normally this is done by a trusted authority, usually the company that issued the security certificate, but Superfish is intercepting the normal protocol and doing this itself.

So the question is why would Lenovo and Superfish go through the effort and expense to do this?  The answer is good old fashioned greed.

Lenovo wants to "enhance" your search results with brands that happen to pay them advertising dollars.  It works like this:
  1. You go to your search engine and search for an item.
  2. Your search engine returns the results to your browser (giving preference to their own paid advertisers).
  3. Superfish intercepts the page and throws in its own ads (which will probably not get caught by your ad blocking software).
  4. The edited page is sent to your browser (by the way, it makes no difference what browser you use).
This is irritating, but why is it anything more than that?  Let's jump back to the secure certificates.  When you go to a (reputable) search engine, it uses encryption (https://) to encrypt your connection and prevent hacking of your connection.  If Superfish didn't take over as the certificate watch dog, you would get a warning in the padlock section of your browser telling you that the data was altered after it was sent to you.  Superfish prevents this from happening.

Alright, so this is irritating and I don't know if my search results are legit, but is there more?  Sadly yes.  It appears that the developers of Superfish were a bit sloppy and left their program open to being hacked and abused, so what this really means is:

If you have Superfish running on your computer, it is possible for ANY "encrypted" website to be listened in on or altered without your knowledge!

Think online banking, stock trading, healthcare.  Not pretty.


So here is what to do to see if your device is vulnerable:

1. Go to this website: https://filippo.io/Badfish/

It will tell you if your computer has Superfish installed.  If you do, it will help you with instructions on how to remove it, hopefully without having to reinstall Windows.

2. Send a message to Lenovo that you don't appreciate their actions.  You can use their website, the hashtag #Lenovo (they're listening) or better yet, with your wallet the next time you buy a computer.
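
As a local complement to the online check in step 1, the following added example (not part of the original post) lists trusted root certificates on a Windows machine that look like they belong to HTTPS-interception software. It relies on the fact that Superfish-style software has to add its own root certificate to the Windows trust store so that the browser padlock still appears; the name patterns are assumptions based on the product names mentioned in these posts.

```powershell
# Added example: audit the Windows trusted-root stores for interception roots.
# Run in a PowerShell window. It only reads the stores and changes nothing.

# Assumption: product names taken from this blog; extend the list as needed.
$namePatterns = 'Superfish', 'PrivDog'

$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store) {
        $reasons = @()

        # Reason 1: the subject or issuer carries one of the product names.
        foreach ($p in $namePatterns) {
            $rx = [regex]::Escape($p)
            if ($cert.Subject -match $rx -or $cert.Issuer -match $rx) {
                $reasons += "name matches '$p'"
            }
        }

        # Reason 2: a trusted root whose private key sits on this machine.
        # Genuine public CAs never ship their private key to end users, so
        # this points at locally installed software that signs certificates
        # itself. Debugging proxies and some security products also do this,
        # so treat a hit as something to investigate, not as proof.
        if ($cert.HasPrivateKey) {
            $reasons += 'private key present locally'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Reasons    = $reasons -join '; '
            }
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No matching root certificates found.' }
```

Firefox keeps its own certificate store, so a clean result here does not cover it; the website check in step 1 tests whichever browser you open it in.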



Additional resources:
http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/
http://www.forbes.com/sites/thomasbrewster/2015/02/19/superfish-need-to-know/



I hope that this was helpful.  Be safe out there, the internet is a wild place!

Alex


Tuesday, February 17, 2015

Finally

So I have been thinking that I should start a blog for some time now.  Up until now, I have used my social media accounts for passing on tidbits about web security issues, my proud moments as a father, insights into life and my Christian walk, etc., etc.

The plan for this blog is to provide short and concise articles that fall into a few broad categories:
  1. Web Security Issues
    I subscribe to A LOT of technical emailing lists.  When I come across an issue that affects the web population at large, I will post a summary of the threat, the best known way to counteract it, and links to other relevant resources.
  2. Technology
    I will be posting notes and brief tutorials on things I learn regarding the technologies I work/play with or whatever I am interested in at the time.  Mostly these are just notes to my future self so I don't have to rediscover things later, but hopefully they will be of use to others as well.  Typically they will be about PHP, MySQL, JavaScript, CSS, HTML, Linux, *ubuntu... at least that is what I am into now.
  3. Personal
    Some of my posts will be about my personal life, including my thoughts and views about being a Christian, a husband, a father and simply a human with struggles like everyone else.  Since this is a public forum, I won't be sharing too much detail and photos will be limited.  If we actually know each other, please make a friend request on Facebook and you will be privy to my shared photo albums.
  4. Book Reviews
    Occasionally I am asked to read and review a web technology book that falls under my "area of expertise".
That's it for now.  I anticipate that my postings will be sporadic, sometimes a couple a week, sometimes a lag of a month or two, but I'll always come back eventually.

As always you can find my relevant links and contact me through AlexFraundorf.com

Thanks for reading!