Kaspersky updating problem
Ormandy's bug report gave, by way of demonstration, a collision between Hacker News and manchesterct.gov: "If you use Kaspersky Antivirus in Manchester, Connecticut and were wondering why Hacker News didn't work sometimes, it's because of a critical vulnerability that has effectively disabled SSL certificate validation for all 400 million Kaspersky users." Kaspersky fixed the issue on December 28. Update: Kaspersky has provided the following statement detailing its fixes.
Since it has to decrypt traffic before inspection, Kaspersky presents its certificates as a trusted authority. If a user opens Google in their browser, for example, the certificate will appear to come from Kaspersky Anti-Virus Personal Root.
When Microsoft releases Windows updates, software companies like Kaspersky try to keep up with them to ensure constant compatibility between their software and the Windows system. If, by this point, you still cannot open Kaspersky, the best thing to do is to uninstall and reinstall the application. To do this, go to Kaspersky's website and follow the instructions for restoring the software. On the site, the button says "download," but clicking it just submits the request.
The problem Ormandy identified is that those internal certificates are laughably weak. "As new leaf certificates and keys are generated, they're inserted using the first 32 bits of MD5(serial Number