superfishy

Archive of software, links and other data involved in the Superfish / Komodia incident

warning and password

You don't want to install any of the software here if you are not doing this for security research. All provided downloads contain dangerous software, if you use them you will endanger the security of your system. To make sure nobody accidently installs it they are packed in password-protected zip files. The password for all files is

iknowwhatimdoing

background / links

Test if you are affected:

• https://superfish.tlsfun.de/ (my own, individually checks all known certs)
• https://filippo.io/Badfish/
• https://www.canibesuperphished.com/

Some of my blog posts:

• Software Privdog worse than Superfish
• PrivDog wants to protect your privacy - by sending data home in clear text
• How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security
• More TLS Man-in-the-Middle failures - Adguard, Privdog again and ProtocolFilters.dll

My own news coverage in German media:

• Golem.de / Adware: Lenovo-Laptops durch Superfish-Adware angreifbar
• Golem.de / Komodia-Filter: Superfish-Affäre weitet sich aus
• Zeit Online / Superfish: Lenovo steckt gefährliche Adware in seine Laptops
• Golem.de / Privdog: Software hebelt HTTPS-Sicherheit aus

Some english news articles:

• Arstechnica / Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections
• Wired / Lenovo’s Response to Its Dangerous Adware Is Astonishingly Clueless
• BBC News / Ad-blocking software is 'worse than Superfish'

Background / sources:

• Extracting the SuperFish certificate
• It's not just superfish that's the problem
• Mirror of Komodia webpage including various software pieces
• Komodia/Superfish SSL validation is broken
• SuperFish Removal Utility source code
• Komodia rootkit findings by @TheWack0lian
• CERT/CC Blog: The Risk of SSL Inspection
• EFF: Dear Software Vendors: Please Stop Trying to Intercept Your Customers’ Encrypted Traffic

what?

Lenovo delivered Laptops with a preinstalled Adware called Superfish in 2014. Superfish created a severe security hole in all affected devices. Later it turned out that several other Internet filtering products were affected by the same issue.

The software installs a root certificate into the browser which allows Man-in-the-Middle-attacks.

I am collecting all the software, the extracted certificates and private keys to make sure they stay available.

Please send pull requests, mail me interesting items or upload them here.

Hanno Böck, https://hboeck.de/