Man-in-the-Middle Attacks on Lenovo Computers - Superfish

Post Reply
User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Man-in-the-Middle Attacks on Lenovo Computers - Superfish

Post by Pigeon » Sat Feb 21, 2015 7:49 pm

Man-in-the-Middle Attacks on Lenovo Computers

It's not just national intelligence agencies that break your https security through man-in-the-middle attacks. Corporations do it, too. For the past few months, Lenovo PCs have shipped with an adware app called Superfish that man-in-the-middles TLS connections.

Here's how it works, and here's how to get rid of it.

And you should get rid of it, not merely because it's nasty adware. It's a security risk. Someone with the password -- here it is, cracked -- can perform a man-in-the-middle attack on your security as well.

Since the story broke, Lenovo completely misunderstood the problem, turned off the app, and is now removing it from its computers.

Superfish, as well, exhibited extreme cluelessness by claiming its sofware poses no security risk. That was before someone cracked its password, though.

More

Post Reply