Still smarting from HTTPS-busting Superfish debacle, Lenovo says sorry

by Dan Goodin, from Ars Technica

Lenovo's top technical executive apologized once again for pre-installing software on laptops that intercepted customers' encrypted Web traffic, and the company has gone on to outline plans to ensure that similar mistakes don't happen again.

"This software frustrated some users without adding value to the experience so we were in the process of removing it from our preloads," Lenovo CTO Peter Hortensius wrote in an open letter published Monday afternoon. "Then, we saw published reports about a security vulnerability created by this software and have taken immediate action to remove it. Clearly this issue has caused concern among our customers, partners, and those who care about Lenovo, our industry and technology in general. For this, I would like to again apologize."

Hortensius went on to enumerate the ways affected customers can remove Superfish software, which installs a dangerous Secure Sockets Layer credential in the root certificate authority folder of affected PCs. In addition to an automated removal tool created and distributed by Lenovo, antivirus software from Microsoft, McAfee, and Symantec will also detect and remove the threat. Hortensius said that Lenovo plans to release an updated system for addressing software vulnerabilities and security threats. Options include creating a "cleaner PC image," working with customers and security professionals to create a better policy for pre-installed software, and "soliciting and assessing the opinions of even our harshest critics" as they relate to product security.
