
Lenovo Admits they “Messed Up”, Offers Superfish Removal Instructions


Just posted this article on Lenovo's Superfish debacle. What do you guys think?



Top notebook manufacturer Lenovo has recently come into the national spotlight after it was discovered that they were shipping laptops with pre-installed software that made it possible for hackers to monitor user activity and steal sensitive data.

The software, produced by the Palo Alto-based advertising company Superfish, is a shopping tool designed to “aid users” by recommending products based on users' browsing habits. In order to do this, the Superfish software intercepts data going in and out of a user’s system. While Lenovo originally described Superfish software as harmless, cyber security experts quickly debunked the notion. Because Superfish sits between a user and the internet, it exposes a user to potential man-in-the-middle attacks, and because it includes a universal self-signed SSL security certificate, it could expose users to potential man-in-the-middle attacks even on secure websites. Furthermore, because the SSL certificate’s private key was the same across all infected laptops, it was also possible for a hacker to extract the key and use it to monitor encrypted communications between other infected systems.
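A check for the universal root certificate described above, added here as an example and not part of the original post or of Lenovo's removal instructions. It assumes the certificate names the vendor in its Subject or Issuer field, and it inspects only the Windows machine and user root stores.

```powershell
# Added example: look for a Superfish root in the Windows trusted-root stores.
# Assumption: the certificate carries the vendor name in Subject or Issuer.
# Applications that keep their own trust store are not covered by this check.
$pattern = 'Superfish'
$stores  = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                # A root that signs itself: Subject and Issuer are identical.
                SelfSigned = ($_.Subject -eq $_.Issuer)
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
            }
        }
}

if ($hits) {
    # A trusted root whose private key is shared across machines lets anyone
    # holding that key issue certificates this machine will accept.
    Write-Warning "Trusted root matching '$pattern' found; HTTPS on this machine can be intercepted."
    $hits | Format-List
} else {
    Write-Output "No trusted root matching '$pattern' in: $($stores -join ', ')"
}
```

Uninstalling the application alone does not prove the root is gone, so rerun the check after any removal step.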


