Lenovo honestly thought you’d enjoy that Superfish HTTPS spyware

by
Nate Anderson
from Ars Technica - All content on (#3DVC)

Imagine that you are a major global seller of laptop computers and that you were just caught preloading those machines with ultra-invasive adware that hijacks even fully encrypted Web sessions by using a self-signed root HTTPS certificate from a company called Superfish. How do you explain why you did it?

If you're Lenovo, you tell customers that you thought they would like having their visits to banking websites interfered with and their machines left open to potential man-in-the-middle attacks!

The company this morning issued an oddly tone-deaf statement addressing the controversy with equal parts innocence and chutzpah. The Superfish software, Lenovo says, was "to help customers potentially discover interesting products while shopping"-apparently by throwing up related ads while visiting encrypted retail sites, which would otherwise be invisible to the adware.

Read 6 remaining paragraphs | Comments

index?i=7CeyVhoF9nw:I9UKuvmiXqI:V_sGLiPB index?i=7CeyVhoF9nw:I9UKuvmiXqI:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA7CeyVhoF9nw
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments