Tell HN: H&R Block tax software installs a TLS backdoor
Sentiment Mix
Geography
Expert Signals
yifanlu
author • 1 mention
Hacker News
source • 1 mention
AI-Generated Claims
Generated from linked receipts; click sources for full context.
Just a PSA for folks here in the US because tax season is coming up and some of you may be using H&R Block Business 2025.
Supported by 1 story
I discovered that the software installs a root CA named "WK ATX ServerHost 2024" (expiry 2049) into your local machine trusted root certificate store.
Supported by 1 story
Demo: https://www.youtube.com/watch?v=5paxvYkz1QETo test if your machine is vulnerable visit this page: https://hrbackdoor.yifanlu.com and if you do not get any warning or error message from your browser then you have the backdoor installed.
Supported by 1 story
If your browser does complain, you can choose to visit the page anyways for more details on the vulnerability.Is...
Supported by 1 story
Related Events
[WARNING] Kimi.com (ok computer + other agents) CRYPTO STEALING MALWARE
Security • 3/21/2026
Widely used Trivy scanner compromised in ongoing supply-chain attack
Security • 3/21/2026
Anthropic sues Trump administration seeking to undo 'supply chain risk' designation - 6abc Philadelphia
LLMs • 3/21/2026
Closure of Hormuz is 'greatest global energy security threat in history'
Security • 3/21/2026
Anthropic sues US defense department over blacklisting
LLMs • 3/21/2026