Story 3GD2 Lenovo apologizes for pre-loaded insecure adware "Superfish" Similar

Story

Lenovo apologizes for pre-loaded insecure adware "Superfish"

Similar News

Two weeks on, Superfish debacle still causing pain for some Lenovo customers
Assurances on the demise of the dangerous adware are (somewhat) exaggerated.
Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox
Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser's trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however.
LXer: Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox
Published at LXer: Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser's trusted root store. The patch only removes the certificate if the...
$250K: That's what Lenovo earned to RAT YOU OUT with Superfish
Report suggests Lenovo can be bought for peanuts as Mozilla kills dirty cert Lenovo bagged a paltry US$250,000 from the deal that saw it install the Superfish certificate slurper onto PCs, according to reports.…
Getting Superfish Out of Firefox
Comments
Lenovo promises bloatware-free PCs, free McAfee subscriptions for Superfish victims
Nach Superfish-Debakel: Lenovo will weniger Programme vorinstallieren
Lenovo-Rechner sollen künftig nur noch mit den nötigsten Programmen ausgeliefert werden, verspricht der Hersteller. In der auf einigen Laptops vorinstallierten Adware Superfish wurde zuvor eine schwere Sicherheitslücke entdeckt.
Lenovo promises to cut the crapware in the wake of Superfish debacle
After its security disaster, company promises "cleaner, safer PCs."
EFF fears crims are getting smart to Superfish SSL flaws
Certificate flaws spotted in variety of important sites The Electronic Frontier Foundation (EFF) says it has found evidence that the security problems with Superfish could be much worse than first thought.…
Is the Lenovo/Superfish Debacle a Call to Arms for Hacktivists?
Proposed exemptions to the DMCA could free white hats to make networked devices more secure
How can I find and remove Superfish and similar malware?
Anthony has a new Lenovo laptop and wonders if he should be concerned. Jack Schofield says that’s the tip of the iceberg and everyone should be worried.When I started working abroad about three months ago, my company provided me with a new Lenovo laptop. Should I be worried? AnthonyEveryone should be worried, but not for the obvious reason.
Lenovo website hacked and defaced by Lizard Squad in Superfish protest
The hacking collective took over the Lenovo site for several hours on Wednesday, redirecting users to a slideshow of bored teenagersLenovo, the PC maker at the centre of the Superfish controversy, suffered its own security breach on Wednesday when its main website was defaced, redirecting users to a slideshow of pictures of bored-looking teens (apparently the hackers themselves) set to the song Breaking Free from High School Musical.Clicking on the slideshow sends users to the Twitter account of hacking collective the Lizard Squad, while viewing the source of the page reveals a note reading “the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey” – two people previously named by security reporter Brian Krebs as being members of the group.Related: How can I find and remove Superfish and similar malware?Expect more lizard mischief soon.Related: What will happen to the Lizard Squad hackers? Continue reading...
EFF unearths evidence of possible Superfish-style attacks in the wild
Crypto-busting apps may have been exploited against visitors of Google and dozens more.
Attackers protesting Superfish debacle hijack Lenovo e-mail, spoof website
Valuable Lenovo.com is hijacked, allowing attackers to intercept Lenovo email.
Thought Komodia/Superfish Bug Was Really, Really Bad? It's Much, Much Worse!
But it gets worse. Filippo Valsorda has shown that you didn't even need to crack Komodia's weak password to launch a man-in-the-middle attack, but its SSL validation is broken, such that even if Komodia's proxy client sees an invalid certificate, it just makes it valid. Seriously.
OK Lenovo, you're no longer shipping Superfish. What about that POKKI, man?
Reg reader up in arms about bundled bloatware As Lenovo struggles to extricate itself from the controversy surrounding pre-installed Superfish scumware on its machines, a blast of cruft from the past may give the PC slinger's critics extra ammo this week.…
LXer: Thought Komodia/Superfish Bug Was Really, Really Bad? It's Much, Much Worse!
Published at LXer: But it gets worse. Filippo Valsorda has shown that you didn't even need to crack Komodia's weak password to launch a man-in-the-middle attack, but its SSL validation is broken,...
Lenovo Sued Over Superfish Adware
Not surprisingly, the controversy over Lenovo installing Superfish adware into its consumer PCs has resulted in a lawsuit.
Gefährliche Adware: Mehr als ein Dutzend Anwendungen verbreiten Superfish-Zertifikat
Die Affäre um gefährliche CA-Zertifikate weitet sich aus; nunmehr sind mehr als ein Dutzend Anwendungen bekannt, die Computer anfällig für Man-in-the-Middle-Angriffe machen. Ausgangspunkt: Die SSL-Unterbrechungs-Technologie SSL Digestor von Komodia.
Give us a week to GUT Superfish, begs Lenovo CTO
Don't Panic, says malware-pusher, Superfish never swam on our servers or arrays Lenovo's chief technology officer Peter Hortensius has issued another statement on how the company plans to handle Superfish.…
LXer: Lenovo Sued Over Superfish Adware
Published at LXer: Not surprisingly, the controversy over Lenovo installing Superfish adware into its consumer PCs has resulted in a lawsuit. Read More......
Lenovo users lawyer up over hole-filled, HTTPS-breaking Superfish adware
At least one lawsuit has been filed and one investigation has begun.
Still smarting from HTTPS-busting Superfish debacle, Lenovo says sorry
CTO pledges new policy to prevent similar mishaps in the future.
How to delete Superfish from Lenovo computers permanently
Owners of Lenovo computers are, therefore, not the only folks at risk of man-in-the-middle (MitM) attacks. So exchanging your Lenovo computer for another Windows brand won’t do you much good.A real solution, a final solution, is one that does not involve the parties that caused the problem in the first place. And that solution is this:
'Lenovo, Superfish put smut on my system' – class-action lawsuit
Should be open and shut (laptop) case A California woman has filed the first lawsuit against Lenovo and Superfish over the pair's adware debacle, claiming the "malware" injected smutty pictures into her web browser on her Yoga laptop.…
Lenovo posts Superfish removal tool; user files lawsuit
The Superfish saga continues. In its latest statement about the vulnerability, Lenovo has provided a link to an "automated removal tool" that can rid users of Superfish's ill-fated Virtual Discovery software. The statement also clarifies a few things, including the fact that ThinkPad laptops are, mercifully, unaffected by the Superfish snafu:As we've said previously, Lenovo is exploring every action we can to help our users address ...Read more...
LXer: How to delete Superfish from Lenovo computers permanently
Published at LXer: Owners of Lenovo computers are, therefore, not the only folks at risk of man-in-the-middle (MitM) attacks. So exchanging your Lenovo computer for another Windows brand won’t do...
Superfish means its time to get rid of your Lenovo computer
Lenovo is all over the media recently, and not for a good reason. The revelation that it corrupted its computers with the vile Superfish adware has shocked many people in the computing world. It’s almost impossible to believe that a company could be so incredibly stupid and so unbelievably uncaring about the security of its customers.
'Superfish'-style vulnerability found in games and parental control software
Komodia’s SSL hijacking package that could leave users open to security breach discovered in other software besides Lenovo-bundled adware
The Superfish Funder List
Comments
Radio Free HPC on Lenovo’s Slipup with Superfish
While Lenovo now scrambles into Damage Control mode in the wake of the Superfish scandal, the question for our readers is: how will this affect Lenovo's ability to sell to the U.S. Federal supercomputing market?
The rest of the story: Komodia, Lenovo, and Superfish
It's always a busy month in the field of security. This month has seen its share of ugly stories, including the growing amount of state tax fraud, massive bank heists, and another depressing breach of our personal privacy by a major business. Those stories are all big, but the one that really captivated the attention of our community has been the one about Lenovo and Superfish.That story has all the requisite narrative pieces to be a big tale that riles the enthusiast: a large PC maker pushing crapware onto untold numbers of users, that crapware being adware afflicted with a major security flaw, ...Read more...
Lenovo hit with lawsuit over Superfish snafu
Comments
Check for bad certs from Komodia / Superfish
Comments
Facebook security chap finds 10 Superfish sub-species
Cert-jacking 'Komodia' library looks to be widespread Facebook security researcher Matt Richard says The Social Network has found at least ten more outfits using the library that gave the Superfish bloat/ad/malware its nasty certificate-evading powers.…
Security software found using Superfish-style code, as attacks get simpler
Titles from security firms Lavasoft and Comodo leave users open to easier attacks.
LXer: Superfish means its time to get rid of your Lenovo computer
Published at LXer: Lenovo is all over the media recently, and not for a good reason. The revelation that it corrupted its computers with the vile Superfish adware has shocked many people in the...
Comodo ships Adware Privdog worse than Superfish
Comments
Mozilla mulls Superfish torpedo
Green-lighted blacklist of compromised certs could be ready in a day Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops.…
Lenovo: Hey customers, we only just found out about this Superfish vuln – remove it ASAP
Chinese vendor belatedly tools up against ad-scumware A bruised Lenovo has released a removal tool for the Superfish vuln that hijacks web browsers to inject ads into pages.…
Falls ihr, wie ich, vor der Lenovo-Nummer noch nie von Superfish gehört hattet, und euch dachtet, hey, das wird irgendeine Chinesische Malwarebude sein, aus der selben Ecke wie früher die ga
Microsofts Virenscanner entfernt Superfish
Der Windows Defender erkennt die Adware Superfish neuerdings als schädlich. Neu ist daran aber nur die Art der Einstufung, denn als problematisch hat Microsoft Superfish bereits vor Jahren erkannt.
Superfish: Lenovo? More like Lolnono – until they get real on privacy
Rebuilding trust with Trevor, lesson 1: Be open Sysadmin blog Everyone and their dog has an opinion on the Superfish debacle which has struck once mighty Lolnovo Lenovo a potentially critical public relations blow. The Register's own Ian Thomson had little nice to say on the subject, and both social media and anecdotal experience indicate to me that his feelings are reasonably widespread.…
Exploiting the Superfish certificate
Comments
Lenovo stellt Superfish-Deinstallationstool bereit
Lenovo liefert ein Säuberungsprogramm gegen die auf Laptops vorinstallierte Adware Superfish Visual Discovery. Jene hat im Zusammenhang mit Verschlüsselungszertifikaten für Schlagzeilen gesorgt; sie macht PCs anfällig für Man-in-the-Middle-Angriffe.
Lenovo's SuperFish Removal Tool on GitHub
Comments
Superfish Keeps Digging Deeper And Deeper Hole: Still Refuses To Acknowledge Seriousness Of What Its Software Did
I pointed out earlier that it was fairly astounding that Superfish was basically remaining mostly quiet on the whole controversy over its software. If you've been under a rock, earlier this week, the security community pointed out how Superfish's software (installed by default on certain Lenovo laptops) created a massive security vulnerability. Superfish itself is adware, but that's the least of the problems. The software doesn't track your behavior like other adware, but instead tries to insert other buying options when you're viewing images of certain products. It tries to find the same or similar products that you can buy for less and tell you about them. I could see how that might be interesting for some people on some shopping sites if they chose to use the software. But, by being a default bloatware install on Lenovo laptops, there was no choice. Furthermore, it apparently was trying to do this on every website. And that's where the real problem came in.
Lenovo officially responds to Superfish, releases list of affected systems
Superfish doubles down, says HTTPS-busting adware poses no security risk
Denial comes despite near-unanimous agreement that it left Lenovo users wide open.
US cyber-cops declare WAR on Superfish ad-spewing malware lurking in Lenovo laptops
Homeland Security puts a bullet in scumware Updated The US government's Computer Emergency Readiness Team (US-CERT) today said the Superfish ad-injecting malware installed by Lenovo on its new laptops is a "critical" threat to security.…
12