Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said. - Ars TechnicaThe CEO of Superfish maintains in a statement that there is no security flaw in the software, which pretty much every other person with any knowledge of SSL and certificates can see is false. It has now even been found that it is even easier to perform a man-in-the-middle attack than previously thought.
The latest update has Lenovo CTO Peter Hortensius saying in an interview with The Wall Street Journal that they "didn't do enough." They are also in the process of writing software that will completely remove all code and data associated with the adware.
In case you wanted to know, if you bought a Lenovo between October 2014 and December 2014 and it is a model in the list below, you probably have Superfish signing certificates and are vulnerable:
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
E Series: E10-30
No comments:
Post a Comment