Lenovo CTO says, “We didn’t do enough,” promises to wipe Superfish off PCs

by
Dan Goodin
from Ars Technica - All content on (#3EDT)

Lenovo officials are starting to come around to something most people in security circles are saying in an almost unanimous voice-the pre-installation of a fake HTTPS certificate on consumer laptops puts banking passwords and other sensitive information at risk of theft by man-in-the-middle hackers.

"We agree that this was not something we want to have on the system, and we realized we needed to do more," Lenovo CTO Peter Hortensius said in an interview with The Wall Street Journal, referring to adware from a company called Superfish. "Obviously in this case we didn't do enough."

Hortensius went on to say company developers are in the process of writing software that will completely remove all code and data associated with the adware, which is marketed by a company called Superfish. He didn't provide a timeline for when the removal software would be available to end users. Hortensius' statement and the pledge to remove Superfish represent an about-face from Lenovo's previous position that there were no security concerns associated with the adware.

Read 3 remaining paragraphs | Comments

index?i=86qgfr4ks5Y:e1uWewwa2dE:V_sGLiPB index?i=86qgfr4ks5Y:e1uWewwa2dE:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA86qgfr4ks5Y
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments