PrivDog Security App Could Compromise User Security

Windows tool injects ads and new certificate into HTTPS connections.

The PrivDog “security” application by Adtrustmedia has come under fire as yet another SSL manipulation tool that actually compromises security. According to the US-CERT report, PrivDog is supposed to provide “… safer, faster, and more private web browsing.” The tool actually behaves as a man-in-the-middle proxy that replaces online ads with different ads.
PrivDog inserts its own trusted root CA certificate into the connection, and according to reports, affected versions of the tool fail to properly check the certificates of the sites the user visits, which means no warnings will appear when the user visits some spoofed HTTPS web pages. The CERT team has confirmed that the problem affects PrivDog version 3.0.96.0. However, even if you’re using another version of the tool, this might be a good time to ask whether your web browsing will really be “safer and more private” if you let a third-party company insert itself into all of your HTTPS connections, which seems to defeat the whole purpose of HTTPS.
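
The following is an added example, not part of the original article and not PrivDog's code: a toy Python model of why a re-signing proxy that skips upstream certificate validation suppresses the browser's warning. Signature verification is reduced to issuer-name membership, and every CA name, host name, and function name is constructed for illustration.

```python
from dataclasses import dataclass

# Constructed names for illustration; none come from PrivDog or a real CA.
PUBLIC_ROOTS = frozenset({"Example Public Root CA"})
PROXY_ROOT = "Local Interception Root CA"

@dataclass(frozen=True)
class Cert:
    subject: str  # hostname the certificate was issued for
    issuer: str   # CA that signed it (stands in for signature verification)

def chain_ok(cert, host, trusted_roots):
    """Client check: the name matches and the issuer is a trusted root."""
    return cert.subject == host and cert.issuer in trusted_roots

def proxy_leaf(host, upstream, validate_upstream):
    """Leaf the proxy hands to the browser, or None if it refuses."""
    if validate_upstream and not chain_ok(upstream, host, PUBLIC_ROOTS):
        return None  # sound behaviour: the upstream failure is propagated
    # The server's own certificate is discarded; the browser sees only this.
    return Cert(subject=host, issuer=PROXY_ROOT)

def browser_accepts(host, upstream, proxy_installed, validate_upstream=True):
    """True when the page would load without a certificate warning."""
    if not proxy_installed:
        return chain_ok(upstream, host, PUBLIC_ROOTS)
    leaf = proxy_leaf(host, upstream, validate_upstream)
    # Installing the tool added its root to the client's trust store.
    return leaf is not None and chain_ok(leaf, host, PUBLIC_ROOTS | {PROXY_ROOT})

HOST = "bank.example"
GENUINE = Cert(HOST, "Example Public Root CA")
SPOOFED = Cert(HOST, "Untrusted Self-Made CA")  # not in any trust store

def scenarios():
    """Outcome for the spoofed and genuine site under each setup."""
    return {
        "genuine, no proxy": browser_accepts(HOST, GENUINE, False),
        "spoofed, no proxy": browser_accepts(HOST, SPOOFED, False),
        "spoofed, proxy validates": browser_accepts(HOST, SPOOFED, True, True),
        "spoofed, proxy skips check": browser_accepts(HOST, SPOOFED, True, False),
        "genuine, proxy validates": browser_accepts(HOST, GENUINE, True, True),
    }

if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name:28} -> {'loads silently' if accepted else 'blocked/warning'}")
```

Only the "proxy skips check" case lets the spoofed site load silently: the browser's own validation still runs, but it only ever sees the proxy's re-signed leaf.
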
This latest discovery comes on the heels of a similar controversy regarding the Superfish tool distributed by PC vendor Lenovo, which allegedly plays similar tricks with SSL connections to inject ads. Lenovo claims it is no longer shipping Superfish, but the recent trend for so-called “security” add-on tools that break the chain of trust for SSL connections reveals just how much the IT industry has come to depend on online advertising – and how far some companies are willing to go to cultivate sources of ad revenue.

03/03/2015
