
PrivDog privacy software is a Bad dog

24 February 2015


Undermining users' security

PrivDog ad-blocker software, which claims to block adverts and replace them with those from trusted sources, turns out to have been based on Superfish.

Apparently the software undermined Secure Sockets Layer (SSL) security. While this is similar to last week's Superfish scandal, in which software was also found to undermine SSL security, it is actually a completely different bug.

Hanno Böck, a German security journalist, said the flaw is "arguably ... even bigger".

"While Superfish used the same certificate and key on all hosts PrivDog recreates a key/cert on every installation. However here comes the big flaw: PrivDog will intercept every certificate and replace it with one signed by its root key. And that means also certificates that weren't valid in the first place," Böck wrote in his blog. "PrivDog will turn your Browser into one that just accepts every HTTPS certificate out there, whether it's been signed by a certificate authority or not."
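A defender can check a machine for the behaviour Böck describes by connecting, with normal certificate verification, to a host whose certificate must not validate. The Python script below is an added example, not code from this article or from Böck; the badssl.com test hosts and the function names are assumptions, and the result is only meaningful on a machine where the script's traffic passes through the interceptor and Python verifies against the same OS trust store.

```python
import socket
import ssl

# Assumption: public test hosts from badssl.com; the first deliberately serves
# a self-signed certificate. Substitute hosts you control if you prefer.
INVALID_CERT_HOST = "self-signed.badssl.com"
VALID_CERT_HOST = "badssl.com"


def probe(host, port=443, timeout=5.0):
    """Handshake with full verification against the OS trust store.

    Returns (True, issuer), (False, verify error) or (None, network error).
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                name = issuer.get("organizationName") or issuer.get("commonName")
                return True, name or "unknown issuer"
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except OSError as exc:  # DNS failure, timeout, refused, other TLS errors
        return None, str(exc)


def classify(valid_probe, invalid_probe):
    """Turn the two probe results into a verdict string."""
    if valid_probe[0] is not True or invalid_probe[0] is None:
        return "inconclusive"
    if invalid_probe[0] is True:
        # A certificate that should never verify arrived with a trusted
        # signature: something on the path re-signed it without checking it.
        return "BROKEN: invalid certificate accepted, issuer seen: " + invalid_probe[1]
    return "ok"


if __name__ == "__main__":
    good, bad = probe(VALID_CERT_HOST), probe(INVALID_CERT_HOST)
    print("valid host:  ", good)
    print("invalid host:", bad)
    print(classify(good, bad))
```

The issuer printed for the valid host also shows whether any interception is taking place: a local product's root name there, instead of a public certificate authority, means traffic is being re-signed.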

PrivDog claimed the flaw only "affects a very limited number of websites" and the "potential issue has already been corrected."

It does appear to have contradicted itself by adding: "There will be an update [today], which will automatically update all 57,568 users of these specific PrivDog versions."
