Articles about superfish

SuperFish cram scandal: Lenovo must now ask nicely before stuffing new PCs with crapware

The US government's trade watchdog, the FTC, has finalized its settlement deal with Lenovo on charges the PC builder sold Americans machines crammed with intrusive adware. The Federal Trade Commission kicked off 2018 announcing it has approved a deal that will end lawsuits against Lenovo in more than three dozen US states – as …
Shaun Nichols, 2 Jan 2018

Remember when Lenovo sold PCs with Superfish adware? It just got a mild scolding from FTC

Lenovo on Tuesday settled charges that it compromised the security of its computers to fling ads onto desktops from August 2014 through early 2015. The settlement with America's trade watchdog the FTC, plus 32 State Attorneys General, acknowledges no wrongdoing and imposes no financial penalty – other than a paltry $3.5m to …

Second Dell backdoor root cert found

A second root certificate has been found in new Dell laptops days after the first backdoor was revealed. The DSDTestProvider certificate was first discovered by Laptopmag. It is installed through Dell System Detect into the Trusted Root Certificate Store on new Windows laptops along with the private key. Dell has been …
Darren Pauli, 25 Nov 2015

Superfish 2.0: Dell ships laptops, PCs with huge internet security hole

Dell ships computers with all the tools necessary for crooks to spy on the owners' online banking, shopping, webmail, and more. The US IT titan installs a powerful root CA certificate, including its private key, on its Windows notebooks and desktops. These can be abused by eavesdropping miscreants to silently decrypt encrypted …
Shaun Nichols, 23 Nov 2015

Lenovo system update flaws plugged, security world not impressed

Lenovo faces renewed accusations of lax security practices - just three months after the Superfish debacle - after it was obliged to fix flaws in its software update system. Security researchers at IOActive uncovered a mechanism that would have allowed hackers to create a fake certificate authority in order to sign executables …
John Leyden, 6 May 2015

$250K: That's what Lenovo earned to rat you out with Superfish

Lenovo bagged a paltry US$250,000 from the deal that saw it install the Superfish certificate slurper onto PCs, according to reports. The PC maker was last month caught installing the ad/bloat/malware into its consumer PCs, sparking a very considerable backlash once the software's ability to intercept encrypted website …
Darren Pauli, 3 Mar 2015

Lenovo: We SWEAR we're done with bloatware, adware and scumware

Barely a week after the breaking of the Superfish scandal, Lenovo has done a complete reverse ferret on bloatware - promising that by the time Windows 10 comes out its systems will be as pure as they can be. “The events of last week reinforce the principle that customer experience, security and privacy must be our top …
Iain Thomson, 27 Feb 2015

EFF fears crims are getting smart to Superfish SSL flaws

The Electronic Frontier Foundation (EFF) says it has found evidence that the security problems with Superfish could be much worse than first thought. Superfish caused such a stink when it was discovered last week because the Komodia software it used borks SSL connections. But EFF researchers have found that the Komodia library …
Iain Thomson, 27 Feb 2015

Bad dog! PrivDog chews HTTPS, hurls clear text

Sysadmin Hanno Böck has scratched a few more holes in the PrivDog privacy tool, reporting it tracks and sends in clear text a user's visited web URLs to creator AdTrustMedia. The company says the data is anonymous and is used to help prevent attacks such as click fraud, to identify automated bots, and other unspecified threats …
Darren Pauli, 26 Feb 2015

Oh No, Lenovo! Lizard Squad on the attack, flashes swiped emails

Updated Lenovo's domain name lenovo.com appears to have fallen victim to cyber-mischief-makers Lizard Squad. In the past few minutes, the computer giant's website has been updated to display a slideshow of webcam photos of a bored-looking youth instead of its normal wares. There's some God-awful slushy pop music playing in the …
Shaun Nichols, 25 Feb 2015

Lenovo CTO: Hey, look around – we're not the only ones with a crapware infection

On Friday Lenovo is going to tell the world about how it plans to regain the trust of its users in the wake of the Superfish clusterfuck – and may even launch an independent security audit of its products. "Our goal, in the end, is to make this right," Lenovo's CTO Peter Hortensius told The Register on Tuesday. "It's going to …
Iain Thomson, 25 Feb 2015

SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog

Updated The US Department of Homeland Security's cyber-cops have slapped down PrivDog, an SSL tampering tool backed by, er, SSL certificate flogger Comodo. Comodo, a global SSL authority, boasts a third of the HTTPS cert market, and is already in hot water for shipping PrivDog. What is PrivDog? Let's allow the US Computer Emergency …
John Leyden, 24 Feb 2015

Cert-slurping security firms chop super-fishy features

Security companies Lavasoft and AdTrustMedia have been found using the SSL slurping certificate - or something very similar - made infamous by the Lenovo-Superfish debacle. Lavasoft used the certificate in its web inspection software Ad-Aware Web Companion and the Alpha testing version of AdBlocker. The software was …
Darren Pauli, 24 Feb 2015

Give us a week to gut Superfish, begs Lenovo CTO

Lenovo's chief technology officer Peter Hortensius has issued another statement on how the company plans to handle Superfish. The missive explains that Lenovo has worked with anti-virus vendors to get their products flattening Superfish whenever a PC starts up and issued a removal tool. Hortensius says Lenovo is now “in the …
Simon Sharwood, 24 Feb 2015

'Lenovo, Superfish put smut on my system' – class-action lawsuit

A California woman has filed the first lawsuit against Lenovo and Superfish over the pair's adware debacle, claiming the "malware" injected smutty pictures into her web browser on her Yoga laptop. A class-action filing [PDF] in the state's southern district court recounts how Jessica Bennett bought a Lenovo Yoga 2 laptop in …
Iain Thomson, 23 Feb 2015

Facebook security chap finds 10 Superfish sub-species

Facebook security researcher Matt Richard says The Social Network™ has found at least ten more outfits using the library that gave the Superfish bloat/ad/malware its nasty certificate-evading powers. Richard, a “threats researcher” on Facebook's security team, writes that in 2012 Facebook “... started a project with …
Simon Sharwood, 23 Feb 2015

Mozilla mulls Superfish torpedo

Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops. The move will be another blow against Superfish, which is under a sustained barrage of criticism for its use of a root certificate to launch man-in-the-middle attacks …
Darren Pauli, 23 Feb 2015

Lenovo to customers: We only just found out about this Superfish vuln – remove it NOW

A bruised Lenovo has finally released a removal tool for the Superfish vuln that hijacks web browsers to inject ads into pages. It comes after the Chinese PC maker spent the past few days attempting to make the bad news about the badware go away, with the claim that it had "stopped preloads [of the Superfish software] …
Kelly Fiveash, 22 Feb 2015

Biting the hand that feeds IT © 1998–2018