2015 February 23
originally posted on facebook

Since September, Lenovo has been shipping laptops with pre-installed malware that spies on all network activity – including encrypted – and sends it to a remote server under the guise of injecting targeted ads (“to assist customers with discovering products similar to what they are viewing”). Naturally the company that sells this malware did such a bad job of it (the password to unlock the SSL private key is “komodia”, the name of the company) that as a side effect, others on the same network as an infected computer can also view or modify any encrypted network traffic from that computer.






Follow RSS/Atom feed or twitter for updates.