2015 February 23
originally posted on facebook

Since September, Lenovo has been shipping laptops with pre-installed malware that spies on all network activity – including encrypted – and sends it to a remote server under the guise of injecting targeted ads (“to assist customers with discovering products similar to what they are viewing”). Naturally the company that sells this malware did such a bad job of it (the password to unlock the SSL private key is “komodia”, the name of the company) that as a side effect, others on the same network as an infected computer can also view or modify any encrypted network traffic from that computer.

Slate

https://www.theverge.com/2015/2/19/8069127/superfish-password-certificate-cracked-lenovo

https://www.theverge.com/2015/2/19/8067505/lenovo-installs-adware-private-data-hackers

http://support.lenovo.com/us/en/product_security/superfish

https://blog.erratasec.com/2015/02/extracting-superfish-certificate.html

Follow RSS/Atom feed or twitter for updates.