Man-in-the-Middle Attacks on Lenovo Computers
It's not just national intelligence agencies that break your https security through man-in-the-middle attacks. Corporations do it, too. For the past few months, Lenovo PCs have shipped with an adware app called Superfish that man-in-the-middles TLS connections.
And you should get rid of it, not merely because it's nasty adware. It's a security risk. Someone with the password -- here it is, cracked -- can perform a man-in-the-middle attack on your security as well.
Superfish, as well, exhibited extreme cluelessness by claiming its sofware poses no security risk. That was before someone cracked its password, though.
EDITED TO ADD (2/23): Another good article.
EDITED TO ADD (2/24): More commentary.
EDITED TO ADD (3/12): Rumors are that any software from Barak Weichselbaum may be vulnerable. This site tests for the vulnerability. Better removal instructions.
Posted on February 20, 2015 at 3:43 PM • 72 Comments