Cyber-cops in the United States Department of Homeland Security have condemned PrivDog, an SSL tampering tool supported by, er, SSL certificate flogger Comodo.
Comodo is already in hot water for shipping PrivDog. Comodo is a worldwide SSL authority, and it recently boasted of holding a third of the HTTPS cert market.
The US Computer Emergency Readiness Team (US-CERT) describes PrivDog as a Windows application which advertises “…safer, faster, and more private web-browsing.” PrivDog installs a Man-in-the-Middle (MITM) proxy and a new trusted root CA certificate. The MITM capabilities are provided by NetFilterSDK.com. PrivDog does not use the SSL certificate validation capabilities that the NetFilter SDK provides. The implication is that web browsers will not show any warning when a spoofed or MITM-proxied HTTPS site is accessed. It has been confirmed that PrivDog version 126.96.36.199 is affected.
The Comodo Group, an organization that issues and authenticates SSL certificates, promotes Adtrustmedia PrivDog. By default, PrivDog is installed by the 2014 version of Comodo’s firewall and antivirus package, Internet Security. PrivDog works by mounting a Man-in-the-Middle (MITM) attack: it installs a custom root CA certificate on the Windows PC and then intercepts connections to websites. Browsers are led to assume that they are talking to legitimate websites such as online banks and secure webmail, when in fact PrivDog is tampering with those connections in order to inject adverts.
Another hazardous thing PrivDog does is convert invalid HTTPS certificates on the web into valid ones. An attacker on your network can redirect your computer to a website-stealing site, and you could be fooled by it. An attacker can spoof HTTPS sites and intercept HTTPS traffic without the affected system showing a warning dialogue box.
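Why the missing validation matters, shown as an added example that is not code from US-CERT, Comodo or PrivDog: a small Python model of an interception proxy that re-signs whatever certificate the origin server presents. The certificate fields, CA names, host name and date are constructed, and the model stands in for real X.509 validation.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# All names and dates below are constructed for illustration.
LOCAL_ROOT = "Local Interception Root"        # root CA the proxy added to the PC
PUBLIC_ROOTS = {"Public CA"}                  # stand-in for the normal trust store
BROWSER_TRUSTS = PUBLIC_ROOTS | {LOCAL_ROOT}  # what the browser trusts after install
TODAY = date(2015, 2, 25)
HOST = "bank.example"

@dataclass(frozen=True)
class Cert:
    host: str        # name the certificate was issued for
    issuer: str      # CA that signed it
    not_after: date  # expiry date

def upstream_problem(cert, wanted_host, today):
    """Return why the origin server's certificate is invalid, or None."""
    if cert.issuer not in PUBLIC_ROOTS:
        return "untrusted issuer"
    if cert.host != wanted_host:
        return "hostname mismatch"
    if cert.not_after < today:
        return "expired"
    return None

def proxy_resign(cert, wanted_host, today, validate):
    """Certificate the proxy hands to the browser.

    validate=False models the behaviour described above: the upstream
    certificate is never checked before a trusted replacement is minted.
    """
    if validate and upstream_problem(cert, wanted_host, today):
        # Propagate the failure: sign with something the browser rejects.
        return Cert(wanted_host, "Untrusted (proxy refused)", today)
    return Cert(wanted_host, LOCAL_ROOT, today + timedelta(days=365))

def browser_warns(cert, wanted_host, today):
    """True if the browser would show a certificate warning."""
    trusted = cert.issuer in BROWSER_TRUSTS
    return not (trusted and cert.host == wanted_host and cert.not_after >= today)

spoofed = Cert(HOST, "Attacker self-signed", date(2016, 1, 1))
genuine = Cert(HOST, "Public CA", date(2016, 1, 1))

if __name__ == "__main__":
    for name, validate in (("no upstream validation", False), ("validating", True)):
        shown = proxy_resign(spoofed, HOST, TODAY, validate)
        print(f"{name}: browser warns = {browser_warns(shown, HOST, TODAY)}")
```

Without the proxy the browser rejects the spoofed certificate itself; with the non-validating proxy in the path, the only certificate the browser ever sees is the proxy's own, signed by the locally trusted root.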
Both Comodo and PrivDog offered explanations intended to exonerate themselves. Comodo trivialised the issue as “minor” in a statement to El Reg, and denied having shipped the SSL-meddling build of the code. PrivDog, on the other hand, published a security advisory claiming that the issue is not a severe one and promised to provide an update on it.