|
|
|
|
|
|
by maxhou
3840 days ago
|
|
|
> Suppose, for example, that you go to the Bank of America site to transfer some funds or pay a bill. As with Google, and as would happen with any other secure site, it turns out their certificate gets replaced with the Avast certificate. I doubt anyone needs me to lecture them on the potential security issues involved in having a third-party watching their banking transactions without permission! Antivirus software runs with the highest level of privileges, divert system calls... They could theoretically log everything you type on the keyboard, no need to MITM SSL connections > Avast is replacing certificates with its own without bothering to check the validity of those certificates! This is a far bigger issue |
|
|