Read for the details: Lenovo Is Breaking HTTPS Security on its Recent Laptops | Electronic Frontier Foundation.
This is a very serious security vulnerability and Lenovo still has no fix to ensure that HTTPS is secure.
This is of interest to photographers and video shooters as the Lenovo Y50 notebook provides a 4K display screen, making it a popular choice among the photography and video community.
RT @coldstreams: @Lenovo puts malware on own systems that breaks HTTPS security: http://t.co/HYAHHBvZSN
Yes, this is awful!
Really awful, as has been Lenovo’s response – their CTO said this morning that it was no big deal and not a problem, while their own security advisory calls it “severe” http://www.zdnet.com/article/lenovo-says-superfish-not-a-security-concern-own-advisory-marks-it-highly-severe/#ftag=RSSbaffb68
Yeah, I’ve been following it pretty closely. Extreme stupidity.
For anyone with a Lenovo PC, go here: https://filippo.io/Badfish/ to check if you have the security vulnerability. If you do, follow the link (on that page) to instructions on how to remove the security vulnerability. This is a very serious security threat that must be taken seriously. This is no joke!
Jeanne Sheldon Am thinking there are plenty of people at Lenovo who are not getting happy performance reviews. From the marketing folks who thought installing malware was a clever idea, to the s/w and h/w team that did not understand how https works. And the CTO who went defensive before knowing what he was talking about, making Lenovo look worse. They’ve done a fair amount of brand damage with this!
Perhaps. It is a Chinese company. Perhaps secure computers in the West is not a goal.
I’ve read the safest place to buy a Windows notebook is at a Microsoft Store as those are bundled with genuine Windows – and not the bloatware that the OEMs put on their own systems. Sounds like a good idea to me! Even the Lenovo systems sold at the Microsoft Store are generic Windows, without Superfish!
Yep. People can also bring their Lenovos that they bought elsewhere into the Microsoft Store to get them re-imaged, which is probably safer than muddling through the instructions yourself (well, not you, Ed :-))
Hah! I just read the blog post of the guy who broke the story – their digital certificate’s password ‘komodia’ was stored as a plain text string inside the superfish .exe file. Good grief!
Ugly, ugly, ugly!