Will Dormann from the CERT Division of the Software Engineering Institute takes a close look at SuperFish and PrivDog and finds out that:
- The capabilities of SSL and TLS are not well understood by many.
- SSL inspection is much more widespread than he suspected.
- Many applications that perform SSL inspection have flaws that put users at increased risk.
- Even if SSL inspection were performed at least as well as the browsers do, the risk introduced to users is not zero.
Read the full analysis here – http://www.cert.org/blogs/certcc/post.cfm?EntryID=221