You can test your computer here to see if Superfish or any other SSL-disabling product has been installed.If you have a Lenovo laptop and connect to Wi-Fi in cafes, libraries, hotels and someone could snag your HTTPS data. Photo / Thinkstock If you have a Lenovo laptop and connect to Wi-Fi in cafes, libraries, hotels and someone could snag your HTTPS data. Photo / Thinkstock
Do you have a Lenovo laptop, purchased between September last year and February? If so, it might come with a severe security hole, one that was pre-loaded by Lenovo "to enhance the user experience" as the company put it.
Lenovo partnered with a company called Superfish to install the latter's eponymous adware on a range of laptops - which is probably not what users wanted in the first place, but it gets worse.
Superfish comes with technology that breaks Transport Layer Security - TLS - authenticated and encrypted communications, and intercepts such traffic. Browsers usually display a padlock to show that traffic is secured with TLS and HTTPS when you visit internet banking sites for instance.
The technology comes from another company, Komodia, and is badly done with the same digital certificate across several applications (it's not just Superfish that uses it), making it simple for anyone on the same network as the targets to listen in and modify what users think is secure communication.
Connect to Wi-Fi in cafes, libraries, hotels and someone could snag your HTTPS data.
Normally, there would be a warning from the web browser, but thanks to Komodia that trick the system into accepting any old certificate, everything will look fine.
That's bad enough, but Lenovo made it worse and attempted to play down the legitimate howls of outrage from users and security researchers.
http://www.nzherald.co.nz/opinion/news/ ... d=11407041
Nigerian scams, chain letters, pyramid schemes and anything not auction related.
1 post • Page 1 of 1
- Site Admin
- Posts: 15014
- Joined: Wed May 05, 2004 2:25 am
- First Name: Alfie
- Location: Otago
Who is online
Users browsing this forum: No registered users and 1 guest