All of a sudden, Amazon pages have started throwing errors about an SSL certificate from swedishfish-221529501.us-east-1.elb.amazonaws.com. This is being used to "verify" the SSL connection to fetch a 1x1 transparent PNG image, https://sf-696745784.us-east-1.elb.amazonaws.com/sf.png.
Googling those revealed precisely fuck all, so I looked at the page source, and found this (I have prettyprinted it, but have not altered it in any other way):
This looks to me like they are trying to gather stats on how many people accessing Amazon are affected by the Lenovo Superfish vulnerability. This, in case you haven't heard of it, is factory malware installed by Lenovo on laptops enabling them to MITM SSL connections and send Lenovo details of all your shit.
All very well, I guess, but it would have been nice to have been FUCKING TOLD that Amazon have deliberately included code on their website that causes the browser to throw up certificate errors, instead of seeing this dodgy-looking certificate error pop up out of the blue and wondering if Amazon themselves have been hacked or what.
OH THANKS A FUCKING LOT, AMAZON, YOU WANKERS. Include code to test people's computers for Superfish vulnerability, then when you find it don't bother to tell them, oh no, just write it down in your fucking private notebook and let them carry right on in happy ignorance. FUCKSAKE.
Not to mention that the test is shit anyway because people with a less suspicious mentality aren't going to think about stuff like this; they will just unthinkingly click "accept" when the browser complains about the dodgy certificate so the test results will contain shitloads of false positives. Because people are thick and this is what they do. Like when they install antivirus software and then click "accept" and "don't ask me again" on all the warnings and then whine about getting virused even though they've got antivirus software installed it isn't fair this software is no good etc etc etc.
The certificate details are:
Certificate name sf-696745784.us-east-1.elb.amazonaws.com Amazon.com WA US emailAddress: firstname.lastname@example.org Issuer swedishfish-221529501.us-east-1.elb.amazonaws.com Amazon.com Seattle WA US emailAddress: email@example.com Certificate version 3 Serial number 0x1001 Not valid before 21/02/15 01:09:00 GMT Not valid after 21/02/16 01:09:00 GMT Fingerprint (SHA-1) B2 52 37 3A 8C 42 74 AF 89 E6 CB D9 FB 23 2B A9 FF 11 CD CA Fingerprint (SHA-256) C9 E2 6E 51 66 98 46 8B 2D 2F A5 20 F5 8D 93 96 9E 13 AF 6F 37 76 52 E3 09 F7 6D 99 65 EA EF B0 Public key(1024 bits) Public key algorithm rsaEncryption Modulus: 00: EF 5A 4F 80 28 B0 F3 EE 4B 52 23 CD 11 BB 7F 54 10: E6 AB D9 93 86 F8 66 4C 33 FE 79 52 F2 BA F3 6E 20: 79 2C 5A 63 22 3D BC CA 2D 7A DE 8F 8E 4B D7 53 30: F4 6F 45 2B FE 68 2D 85 7E CB 97 45 29 02 D3 D6 40: F6 0C A8 14 1C 06 F0 C1 04 70 31 58 19 F0 02 B4 50: 2B F7 46 04 94 A6 DC 58 C2 6C 5A 7E 53 65 18 E5 60: 62 37 F9 DD B9 E0 11 88 C5 24 85 C2 01 31 EF 3A 70: 3A 2A 27 78 2B 18 56 FD 0F 30 9E 19 36 49 BE F9 Exponent: 01 00 01 Signature Signature algorithm sha256WithRSAEncryption Signature 00: C2 30 B6 FE 05 5B C2 89 14 D8 DF C8 19 BC DA E7 10: 23 48 4A 19 E7 AF F1 47 85 5C 10 2B 41 C4 CC E9 20: 3F 16 FF 16 72 5E C7 5F CA B8 A9 49 1B 95 C9 D3 30: 8B CB 52 94 5B 56 00 97 EC 7D D6 9C 3F 86 63 2F 40: 4D 60 62 8A 45 90 96 17 69 2A 5A 24 E3 D4 13 D7 50: 34 1F F4 D3 5B ED 91 C9 75 14 39 34 4B 28 8C 2D 60: 63 E8 2F D1 73 14 34 D2 F3 A7 82 3F 3E 36 B7 FD 70: 1C 3E 62 F5 3E 98 FF 26 60 93 F6 41 E1 3F 29 81 Extensions X509v3 Basic Constraints CA:FALSE Netscape Comment OpenSSL Generated Certificate X509v3 Subject Key Identifier E9:FA:61:BC:C9:E8:C6:1E:95:D1:89:CA:A4:0E:9E:01:F1:E7:0E:F6 X509v3 Authority Key Identifier keyid:FB:98:B3:53:7F:14:44:2E:E8:EE:D5:09:9A:5E:0E:56:86:A8:35:88
Googling this stuff reveals that the above "Authority Key Identifier" is common to "genuine" Superfish certificates from the actual Superfish malware itself.
Back to Pigeon's Nest
Be kind to pigeons