Thought Komodia/Superfish Bug Was Really, Really Bad? It's Much, Much Worse!

But it gets worse. Filippo Valsorda has shown that you didn't even need to crack Komodia's weak password to launch a man-in-the-middle attack, but its SSL validation is broken, such that even if Komodia's proxy client sees an invalid certificate, it just makes it valid. Seriously.