Canadian TV, Computing and Home Theatre Forums - View Single Post - Lenovo caught installing adware on new computers
View Single Post
post #4 of (permalink) Old 2015-02-19, 10:34 PM Thread Starter
905shmick
 
Join Date: Nov 2007
Location: Richmond Hill, ON
Posts: 432
From https://www.eff.org/deeplinks/2015/0...ty-its-laptops

Lenovo has not just injected ads in a wildly inappropriate manner, but engineered a massive security catastrophe for its users. The use of a single certificate for all of the MITM attacks means that all HTTPS security for at least Internet Explorer, Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken. If you access your webmail from such a laptop, any network attacker can read your mail as well or steal your password. If you log into your online banking account, any network attacker can pilfer your credentials. All an attacker needs in order to perform these attacks is a copy of the Superfish MITM private key. There is (apparently) a copy of that key inside every Superfish install on every affected Lenovo laptop, which has now been extracted and posted online.

DB4e | CPA19 | 2 x HDTC-2US | Mac Mini | EyeTV 3
My scanning and reporting scripts here
905shmick is offline  
 
 
For the best viewing experience please update your browser to Google Chrome