SSL-busting code that threatened Lenovo users found in a dozen more apps
Found on Ars Technica on Sunday, 22 February 2015
Combined with the Superfish ad-injecting software preinstalled on some Lenovo computers and three additional applications that came to light shortly after that revelation, there are now 14 known apps that use Komodia technology.
Despite the seriousness of Graham's discovery and the ease other security researchers had in reproducing his results, Superfish CEO Adi Pinhas issued a statement on Friday saying Superfish software posed no security risk.
Over the weekend, the researcher also published findings documenting rootkit technology in Komodia code that allows it to remain hidden from key operating system functions.
A pretty simple solution would be to make it illegal to break encryption without explicitly telling the user, and not hidden somewhere deep in the EULA, but directly with a big warning, including an explanation of the possible problems.