If you have a Lenovo laptop, you need to read this!

Nigerian scams, chain letters, pyramid schemes and anything not auction related.
Post Reply
User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

If you have a Lenovo laptop, you need to read this!

Post by digidog » Tue Feb 24, 2015 10:57 pm

If you have a Lenovo laptop and connect to Wi-Fi in cafes, libraries, hotels and someone could snag your HTTPS data. Photo / Thinkstock If you have a Lenovo laptop and connect to Wi-Fi in cafes, libraries, hotels and someone could snag your HTTPS data. Photo / Thinkstock

Do you have a Lenovo laptop, purchased between September last year and February? If so, it might come with a severe security hole, one that was pre-loaded by Lenovo "to enhance the user experience" as the company put it.

Lenovo partnered with a company called Superfish to install the latter's eponymous adware on a range of laptops - which is probably not what users wanted in the first place, but it gets worse.

Superfish comes with technology that breaks Transport Layer Security - TLS - authenticated and encrypted communications, and intercepts such traffic. Browsers usually display a padlock to show that traffic is secured with TLS and HTTPS when you visit internet banking sites for instance.

The technology comes from another company, Komodia, and is badly done with the same digital certificate across several applications (it's not just Superfish that uses it), making it simple for anyone on the same network as the targets to listen in and modify what users think is secure communication.

Connect to Wi-Fi in cafes, libraries, hotels and someone could snag your HTTPS data.

Normally, there would be a warning from the web browser, but thanks to Komodia that trick the system into accepting any old certificate, everything will look fine.

That's bad enough, but Lenovo made it worse and attempted to play down the legitimate howls of outrage from users and security researchers.

http://www.nzherald.co.nz/opinion/news/ ... d=11407041
You can test your computer here to see if Superfish or any other SSL-disabling product has been installed.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest