Audio company Sennheiser has just issued a fix
for a really nasty vulnerability where their software for Windows and
Mac would install a special fake browser certificate that the machine
would continue to trust thereafter, even after the software was removed.
Unfortunately, because the installation also included the private key
for that certificate (which is never supposed to be distributed), it
could then be exploited by arbitrary third parties to trick such
machines into trusting random sites.
Show replies by date