PrivDog, worse than Superfish
In the wake of Superfish, a recent Hacker News posting led hackers on a hunt after an application named PrivDog, released by Comodo.
There's a lengthy article on itworld that goes into a few details on the app, as well as an up-to-date write-up on Hanno's blog, which says:
A quick analysis shows that it doesn't have the same flaw as Superfish, but it has another one which arguably is even bigger. While Superfish used the same certificate and key on all hosts, PrivDog recreates a key/cert on every installation. However, here comes the big flaw: PrivDog will intercept every certificate and replace it with one signed by its root key. And that means also certificates that weren't valid in the first place.
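To make the quoted flaw concrete, here is an added example (not PrivDog's code, and not from Hanno's analysis) that models a TLS-intercepting proxy with Go's crypto/x509. All CAs, hosts and keys are constructed in-process. The `vulnerableIntercept` function re-signs whatever the upstream server presented under the per-install local root, which is the behaviour described above; `fixedIntercept` first validates the upstream chain against the public trust store and refuses to mint a replacement when that fails. The client only ever sees the re-signed leaf, so with the vulnerable variant a self-signed, expired upstream certificate comes out looking fully trusted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed identity for the example; no real host or CA is involved.
const host = "shop.example.test"

var serial int64 = 1

// mkCert builds and signs a certificate from tmpl; parent == nil means self-signed.
func mkCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl.SerialNumber = big.NewInt(serial)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

func caTemplate(name string) *x509.Certificate {
	return &x509.Certificate{
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
}

func leafTemplate(notBefore, notAfter time.Time) *x509.Certificate {
	return &x509.Certificate{
		Subject:     pkix.Name{CommonName: host},
		DNSNames:    []string{host},
		NotBefore:   notBefore,
		NotAfter:    notAfter,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// trusted reports whether pool accepts leaf for host, i.e. what a browser decides on connect.
func trusted(leaf *x509.Certificate, pool *x509.CertPool) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// resign mints a fresh leaf for the upstream's names under the interceptor's root.
func resign(upstream, root *x509.Certificate, rootKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := leafTemplate(time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour))
	tmpl.DNSNames = upstream.DNSNames
	cert, _ := mkCert(tmpl, root, rootKey)
	return cert
}

// vulnerableIntercept re-signs whatever the upstream presented without checking it (the PrivDog flaw).
func vulnerableIntercept(upstream, root *x509.Certificate, rootKey *ecdsa.PrivateKey, _ *x509.CertPool) (*x509.Certificate, error) {
	return resign(upstream, root, rootKey), nil
}

// fixedIntercept validates the upstream chain against the public trust store before re-signing.
func fixedIntercept(upstream, root *x509.Certificate, rootKey *ecdsa.PrivateKey, publicRoots *x509.CertPool) (*x509.Certificate, error) {
	if _, err := upstream.Verify(x509.VerifyOptions{Roots: publicRoots, DNSName: host}); err != nil {
		return nil, fmt.Errorf("upstream certificate rejected, not re-signing: %w", err)
	}
	return resign(upstream, root, rootKey), nil
}

// Result records whether the client ended up trusting each connection.
type Result struct {
	GoodSiteVulnerable, GoodSiteFixed, BadSiteVulnerable, BadSiteFixed bool
}

// Simulate runs both interceptor variants against a properly issued and a self-signed, expired upstream cert.
func Simulate() Result {
	publicCA, publicKey := mkCert(caTemplate("Public CA (constructed)"), nil, nil)
	publicRoots := x509.NewCertPool()
	publicRoots.AddCert(publicCA)

	// Per-install interceptor root, which the installer adds to the client's trust store.
	localRoot, localKey := mkCert(caTemplate("Interceptor root (constructed)"), nil, nil)
	clientRoots := x509.NewCertPool()
	clientRoots.AddCert(publicCA)
	clientRoots.AddCert(localRoot)

	now := time.Now()
	good, _ := mkCert(leafTemplate(now.Add(-time.Hour), now.Add(24*time.Hour)), publicCA, publicKey)
	bad, _ := mkCert(leafTemplate(now.Add(-48*time.Hour), now.Add(-24*time.Hour)), nil, nil) // self-signed and expired

	check := func(fn func(*x509.Certificate, *x509.Certificate, *ecdsa.PrivateKey, *x509.CertPool) (*x509.Certificate, error), up *x509.Certificate) bool {
		c, err := fn(up, localRoot, localKey, publicRoots)
		return err == nil && trusted(c, clientRoots)
	}
	return Result{
		GoodSiteVulnerable: check(vulnerableIntercept, good),
		GoodSiteFixed:      check(fixedIntercept, good),
		BadSiteVulnerable:  check(vulnerableIntercept, bad),
		BadSiteFixed:       check(fixedIntercept, bad),
	}
}

func main() {
	fmt.Printf("%+v\n", Simulate())
}
```

The only difference between the two interceptors is the `Verify` call against the public roots before re-signing; without it, the local root launders any certificate, including one a browser would have rejected outright. A real interceptor would also need to carry the upstream's validation failure through to the client rather than just dropping the connection, but the core check is the one shown.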
In a response advisory, PrivDog announces that a patch for the minor security vulnerability is available and states:
There are potentially a maximum of 6,294 users in the USA and 57,568 users globally that this could potentially impact.
So far, it looks like the malicious CA is limited to the domain of advertisers... how long until we find actual malware that replicates this behavior?