By John Gruber
The EFF:
News broke last night that Lenovo has been shipping laptops with a horrifically dangerous piece of software called Superfish, which tampers with Windows’ cryptographic security to perform man-in-the-middle attacks against the user’s browsing. This is done in order to inject advertising into secure HTTPS pages, a feature most users don’t want implemented in the most insecure possible way.
I don’t know how anyone at Lenovo thought this was a good idea, let alone how it actually got approved and put into use. This has to result in a serious class action lawsuit, right?
See also: This piece by Robert Graham at Errata Security, explaining how he decrypted the software and extracted the certificate.
★ Thursday, 19 February 2015