Israeli firm Komodia is the firm that developed the "technology" to intercept SSL (that is, https) connexions that Lenovo leveraged in its Superfish software. As of this writing, Komodia is under a denial-of-service attack by hordes of rightfully-offended computer users.
They aren't the only ones to leverage it. A whole bunch of companies did, and the worst damage may be Comodo (an Internet security software firm that also issues one-third of all the Website and E-mail security certificates in the world).
Follow below the orange tangle of punched-tape to read more.
https://filippo.io/... (goes to a Webpage that tests to see if your computer has been compromised with a faked or revoked security certificate; test takes ten seconds and no particular computer skill)
As it turns out, the Superfish malware installed on Lenovo computers that intercepts https:// connexions and ignores revoked and faked security certificates extends way beyond Lenovo, or Windows. All operating systems are affected, and many security programs are also.
It turns out an Israeli company that describes itself as an SSL interception company (for the purpose of providing security) licensed its technology to many security firms (including several anti-virus firms). For example, an add-on for Comodo Internet Security (the anti-virus software I use, and the firm which issues one-third of the security certificates in the world) called PrivDog uses the same technology. PrivDog uses it to intercept unsecure third-party adverts and substitutes adverts with a Comodo certificate. (I did not install the PrivDog “option.” I prefer Better Privacy and block all advertising.)
As it happens, if you have Privdog installed on your computer, it is one real pain to remove. (Instructions can be found here for various versions of Windows. The instructions require being able to negotiate regedit. If you foul up regedit, you foul up your computer; do a backup of the registry before proceeding so you can restore it if it crashes.)
The problem is the Israeli tech cannot differentiate between a valid certificate (like that attached to my E-mail or a Website), a certificate revoked by the owner, and a cancelled certificate (such as one the issuer cancels due to corruption). Thus, anyone can intercept a request for a Webpage (including an SSL page that would request SSNs, names, passwords, or account numbers) by inserting an advert or other information with a faked security certificate.
The link above goes to a test site to see if your anti-virus, firewall, parental nannyware, or security software permits an invalid certificate through. It will simply issue a string with a false certificate: if your computer allows it through, the site will warn you.
It will not tell you what software on your computer is allowing invalid certificates through, but generally people only use one security package (unless they also use nannyware).
https://news.ycombinator.com/... (a forum which describes the problem for techy types)
https://blog.hboeck.de/... (a software engineer describes the problem in detail)
http://www.bbc.com/... (an article at the BBC describing the problem for non-techy types)