 |
by Dan Goodin from Ars Technica - All content on (#4E2E)
Assurances on the demise of the dangerous adware are (somewhat) exaggerated.
|
Story
Lenovo apologizes for pre-loaded insecure adware "Superfish"Similar News
by LXer from LinuxQuestions.org on (#49C7)
Published at LXer: Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser's trusted root store. The patch only removes the certificate if the...
 |
Report suggests Lenovo can be bought for peanuts as Mozilla kills dirty cert Lenovo bagged a paltry US$250,000 from the deal that saw it install the Superfish certificate slurper onto PCs, according to reports.…
|
 |
from heise online News on (#3YXS)
Lenovo-Rechner sollen künftig nur noch mit den nötigsten Programmen ausgeliefert werden, verspricht der Hersteller. In der auf einigen Laptops vorinstallierten Adware Superfish wurde zuvor eine schwere Sicherheitslücke entdeckt.
|
 |
by Peter Bright from Ars Technica - All content on (#3YVQ)
After its security disaster, company promises "cleaner, safer PCs."
|
 |
Certificate flaws spotted in variety of important sites The Electronic Frontier Foundation (EFF) says it has found evidence that the security problems with Superfish could be much worse than first thought.…
|
by Mark Anderson from IEEE Spectrum on (#3WK2)
Proposed exemptions to the DMCA could free white hats to make networked devices more secure
 |
by Jack Schofield from on (#3VVA)
Anthony has a new Lenovo laptop and wonders if he should be concerned. Jack Schofield says that’s the tip of the iceberg and everyone should be worried.When I started working abroad about three months ago, my company provided me with a new Lenovo laptop. Should I be worried? AnthonyEveryone should be worried, but not for the obvious reason.
|
by Alex Hern from on (#3VT5)
The hacking collective took over the Lenovo site for several hours on Wednesday, redirecting users to a slideshow of bored teenagersLenovo, the PC maker at the centre of the Superfish controversy, suffered its own security breach on Wednesday when its main website was defaced, redirecting users to a slideshow of pictures of bored-looking teens (apparently the hackers themselves) set to the song Breaking Free from High School Musical.Clicking on the slideshow sends users to the Twitter account of hacking collective the Lizard Squad, while viewing the source of the page reveals a note reading “the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey†– two people previously named by security reporter Brian Krebs as being members of the group.Related: How can I find and remove Superfish and similar malware?Expect more lizard mischief soon.Related: What will happen to the Lizard Squad hackers? Continue reading...
 |
by Dan Goodin from Ars Technica - All content on (#3VAZ)
Crypto-busting apps may have been exploited against visitors of Google and dozens more.
|
 |
by Dan Goodin from Ars Technica - All content on (#3TYY)
Valuable Lenovo.com is hijacked, allowing attackers to intercept Lenovo email.
|
 |
Reg reader up in arms about bundled bloatware As Lenovo struggles to extricate itself from the controversy surrounding pre-installed Superfish scumware on its machines, a blast of cruft from the past may give the PC slinger's critics extra ammo this week.…
|
by LXer from LinuxQuestions.org on (#3RZS)
Published at LXer: But it gets worse. Filippo Valsorda has shown that you didn't even need to crack Komodia's weak password to launch a man-in-the-middle attack, but its SSL validation is broken,...
 |
from heise online News on (#3PQQ)
Die Affäre um gefährliche CA-Zertifikate weitet sich aus; nunmehr sind mehr als ein Dutzend Anwendungen bekannt, die Computer anfällig für Man-in-the-Middle-Angriffe machen. Ausgangspunkt: Die SSL-Unterbrechungs-Technologie SSL Digestor von Komodia.
|
 |
Don't Panic, says malware-pusher, Superfish never swam on our servers or arrays Lenovo's chief technology officer Peter Hortensius has issued another statement on how the company plans to handle Superfish.…
|
by LXer from LinuxQuestions.org on (#3PA5)
Published at LXer: Not surprisingly, the controversy over Lenovo installing Superfish adware into its consumer PCs has resulted in a lawsuit. Read More......
 |
by Megan Geuss from Ars Technica - All content on (#3P74)
At least one lawsuit has been filed and one investigation has begun.
|
 |
by Dan Goodin from Ars Technica - All content on (#3P61)
CTO pledges new policy to prevent similar mishaps in the future.
|
 |
Should be open and shut (laptop) case A California woman has filed the first lawsuit against Lenovo and Superfish over the pair's adware debacle, claiming the "malware" injected smutty pictures into her web browser on her Yoga laptop.…
|
from Techreport on (#3R5K)
The Superfish saga continues. In its latest statement about the vulnerability, Lenovo has provided a link to an "automated removal tool" that can rid users of Superfish's ill-fated Virtual Discovery software. The statement also clarifies a few things, including the fact that ThinkPad laptops are, mercifully, unaffected by the Superfish snafu:As we've said previously, Lenovo is exploring every action we can to help our users address ...Read more...
by LXer from LinuxQuestions.org on (#3NDF)
Published at LXer: Owners of Lenovo computers are, therefore, not the only folks at risk of man-in-the-middle (MitM) attacks. So exchanging your Lenovo computer for another Windows brand won’t do...
 |
by Alex Hern from on (#3N35)
Komodia’s SSL hijacking package that could leave users open to security breach discovered in other software besides Lenovo-bundled adware
|
 |
by Rich Brueckner from High-Performance Computing News Analysis | insideHPC on (#3N0B)
While Lenovo now scrambles into Damage Control mode in the wake of the Superfish scandal, the question for our readers is: how will this affect Lenovo's ability to sell to the U.S. Federal supercomputing market?
|
from Techreport on (#3R5M)
It's always a busy month in the field of security. This month has seen its share of ugly stories, including the growing amount of state tax fraud, massive bank heists, and another depressing breach of our personal privacy by a major business. Those stories are all big, but the one that really captivated the attention of our community has been the one about Lenovo and Superfish.That story has all the requisite narrative pieces to be a big tale that riles the enthusiast: a large PC maker pushing crapware onto untold numbers of users, that crapware being adware afflicted with a major security flaw, ...Read more...
|
Cert-jacking 'Komodia' library looks to be widespread Facebook security researcher Matt Richard says The Social Network has found at least ten more outfits using the library that gave the Superfish bloat/ad/malware its nasty certificate-evading powers.…
|
|
by Dan Goodin from Ars Technica - All content on (#3MJ8)
Titles from security firms Lavasoft and Comodo leave users open to easier attacks.
|
by LXer from LinuxQuestions.org on (#3MDX)
Published at LXer: Lenovo is all over the media recently, and not for a good reason. The revelation that it corrupted its computers with the vile Superfish adware has shocked many people in the...
 |
Green-lighted blacklist of compromised certs could be ready in a day Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops.…
|
 |
Chinese vendor belatedly tools up against ad-scumware A bruised Lenovo has released a removal tool for the Superfish vuln that hijacks web browsers to inject ads into pages.…
|
|
from heise online News on (#3JW6)
Der Windows Defender erkennt die Adware Superfish neuerdings als schädlich. Neu ist daran aber nur die Art der Einstufung, denn als problematisch hat Microsoft Superfish bereits vor Jahren erkannt.
|
 |
Rebuilding trust with Trevor, lesson 1: Be open Sysadmin blog Everyone and their dog has an opinion on the Superfish debacle which has struck once mighty Lolnovo Lenovo a potentially critical public relations blow. The Register's own Ian Thomson had little nice to say on the subject, and both social media and anecdotal experience indicate to me that his feelings are reasonably widespread.…
|
 |
from heise online News on (#3HDD)
Lenovo liefert ein Säuberungsprogramm gegen die auf Laptops vorinstallierte Adware Superfish Visual Discovery. Jene hat im Zusammenhang mit Verschlüsselungszertifikaten für Schlagzeilen gesorgt; sie macht PCs anfällig für Man-in-the-Middle-Angriffe.
|
 |
 |
I pointed out earlier that it was fairly astounding that Superfish was basically remaining mostly quiet on the whole controversy over its software. If you've been under a rock, earlier this week, the security community pointed out how Superfish's software (installed by default on certain Lenovo laptops) created a massive security vulnerability. Superfish itself is adware, but that's the least of the problems. The software doesn't track your behavior like other adware, but instead tries to insert other buying options when you're viewing images of certain products. It tries to find the same or similar products that you can buy for less and tell you about them. I could see how that might be interesting for some people on some shopping sites if they chose to use the software. But, by being a default bloatware install on Lenovo laptops, there was no choice. Furthermore, it apparently was trying to do this on every website. And that's where the real problem came in.
|
 |
by Dan Goodin from Ars Technica - All content on (#3GG5)
Denial comes despite near-unanimous agreement that it left Lenovo users wide open.
|
 |
Homeland Security puts a bullet in scumware Updated The US government's Computer Emergency Readiness Team (US-CERT) today said the Superfish ad-injecting malware installed by Lenovo on its new laptops is a "critical" threat to security.…
|
by tronayne from LinuxQuestions.org on (#3GF1)
US-CERT published the subject alert 20FEB2015 at 1210. *Systems Affected*: Lenovo consumer PCs that have Superfish VisualDiscovery installed and potentially others. *Overview*: “Superfishâ€...
 |
by Dan Goodin from Ars Technica - All content on (#3G9E)
Lenovo wasn't the only one using SSL certs that unlock every SSL site on the Internet.
|
|
by Peter Bright from Ars Technica - All content on (#3G7X)
Signature update removes the dangerous certificate and the VisualDiscovery app.
|
from Hacker News on (#3EMD)
Comments
from Techreport on (#3KK6)
Following the furore over the Superfish snafu, Lenovo is now in full damage-control mode.Speaking to the folks at PC World , Lenovo CTO Peter Hortensius used the words "significant mistake" to describe the firm's decision to ship malware ...Read more...
 |
Laptop biz CTO says there's no security risk – which is why it's labelled it 'severe' +Comment Chinese PC maker Lenovo has published instructions on how to scrub away the Superfish adware it installed on its new laptops – but still bizarrely insists it has done nothing wrong and that there's nothing to worry about.…
|
 |
by Peter Bright from Ars Technica - All content on (#3EF7)
Uninstalling the software doesn't undo the damage it does to your system.
|