News broke last night that Lenovo has been shipping laptops with a horrifically dangerous piece of software called Superfish, which tampers with Windows’ cryptographic security to perform man-in-the-middle attacks against the user’s browsing. This is done in order to inject advertising into secure HTTPS pages, a feature most users don’t want implemented in the most insecure
I don’t know how anyone at Lenovo thought this was a good idea, let alone how it actually got approved and put into use. This has to result in a serious class action lawsuit, right?
See also: This piece by Robert Graham at Errata Security, explaining how he decrypted the software and extracted the certificate.
★ Thursday, 19 February 2015