I would like to examine the Lenova/Superfish root certificate being used in the wild.
I've worked through articles like Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections, and looked at similar questions like How to detect if I am vulnerable to “Superfish”, and how to remove it? and What security risks are posed by software vendors deploying SSL Intercepting proxies on user desktops (e.g. Superfish).
If you have a copy of the certificate, then you can receive a textual representation of it with:
cat superfish.cert | openssl x509 -text -noout
But what is in the certificate? What attributes are included, and which algorithms were used?
Aucun commentaire:
Enregistrer un commentaire