EFF: Lenovo is breaking HTTPS security on its recent laptops

Here is astatement from the Electronic Frontier Foundation on the revelationthat Lenovo has been shipping insecure man-in-the-middle malware on itslaptops. "Lenovo has not just injected ads in a wildly inappropriatemanner, but engineered a massive security catastrophe for its users. Theuse of a single certificate for all of the MITM attacks means that allHTTPS security for at least Internet Explorer, Chrome, and Safari forWindows, on all of these Lenovo laptops, is now broken." Foradditional amusement, see Lenovo'sstatement on the issue.

There are a lot of Lenovo users in LWN's audience. Presumably most of themhave long since done away with the original software, but those who mighthave kept it around would be well advised to look into the issue; this site can evidently indicatewhether a machine is vulnerable or not.