So the NSA and GCHQ can decrypt my traffic. If they were to ask I would tell them. With Superfish any scrote upstream can dive into one's SSL connection - the passphrase on the encrypted certificate is komodia.
I'm sure it wouldn't need a rocket scientist to be able to create this scenario.
Sit in a coffee house with free wifi and wait for a corporate laptop with "automatically detect settings" configured to connect. Pass him WPAD settings to point his connection to your proxy server. Wait until you see him accepting Superfish traffic and then start logging.
Or is it as simple as tapping all traffic and crunching the packet transfers?
A friend surfing in