Superfish was certainly a huge abuse of the trust network. However, if we look at other recent SSL vulnerabilities: Heartbleed, POODLE, FREAK - most of these are all dealing with flaws in the encryption (some directly, through most with the use of side-channel or other clever attacks).
We also know that the NSA is saving encrypted messages for mass decryption in the future. New technologies like Perfect Forward Secrecy (PFS) can help eliminate this issue. I think that fact that nearly 100% of servers were still allowing SSL 3 up until the POODLE attack a few months ago highlights how poor most SSL configurations are. Unlike the trust network, which has infrequent but serious breaches, the encryption side seems to be poorly implemented almost universally.
However, unlike Superfish, which we know affected thousands, alot of these other SSL vulnerabilities are usually just PoCs...
Superfish was certainly a huge abuse of the trust network. However, if we look at other recent SSL vulnerabilities: Heartbleed, POODLE, FREAK - most of these are all dealing with flaws in the encryption (some directly, through most with the use of side-channel or other clever attacks).
We also know that the NSA is saving encrypted messages for mass decryption in the future. New technologies like Perfect Forward Secrecy (PFS) can help eliminate this issue. I think that fact that nearly 100% of servers were still allowing SSL 3 up until the POODLE attack a few months ago highlights how poor most SSL configurations are. Unlike the trust network, which has infrequent but serious breaches, the encryption side seems to be poorly implemented almost universally.
However, unlike Superfish, which we know affected thousands, alot of these other SSL vulnerabilities are usually just PoCs...
A complex issue for sure.