Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS Connec

Page 1 of 3 123 LastLast
    Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS Connec

    Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS Connec


    Posted: 19 Feb 2015

    Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.

    The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there's something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate.
    Read More: Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections | Ars Technica

    Read More: Lenovo Pre-instaling adware/spam - Superfish - pow... - Lenovo Community


    Absolutely appalling! To those who about a week ago were sticking up for computer manufacturers installing crapware on consumers brand new machines, are you also happy for Lenovo to pre-install their own root certificate and perform man-in-the-middle injection on your computer?
    Posted By: ARC1020
    19 Feb 2015


  1. Posts : 22,740
    Windows 10 Home x64
       #1

    I would hope that Lenovo will deal with this issue ASAP. It's not a good thing that they let this get out to the people who purchased their products. I just hope that it was done without their(Lenovo's) knowledge of the issue existing.

    Jeff
      My Computer

  2.    #2

    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
      My Computer


  3. Posts : 22,740
    Windows 10 Home x64
       #3

    Lady Fitzgerald said:
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    Beats me.. I have a custom/home built PC so this is really not an issue for me.
      My Computer


  4. Posts : 71
    Windows 10 Pro x64
       #4

    Every laptop or pc that I have ever bought gets wiped and a clean install of whatever OS I want. That not only gets rid of all the bumf, but all the gnarly bits as well. But Lenovo aren't the only company this has happened to.
      My Computer


  5. Posts : 7,128
    Windows 10 Pro Insider
       #5

    Lady Fitzgerald said:
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    In IE go to Tools - Internet Options - Content - Certificates.
      My Computers

  6.    #6

    Lady Fitzgerald said:
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    1) Open Start
    2) Type "cert" into the search box > settings
    3) Select the search result that says "Manage computer certificates"
    4) Go to "Trusted Root Certification Authorities"
    5) Delete anything belonging to Superfish
      My Computer


  7. Posts : 7,128
    Windows 10 Pro Insider
       #7

    COMPUTIAC said:
    Lady Fitzgerald said:
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    1) Open Start
    2) Type "cert" into the search box > settings
    3) Select the search result that says "Manage computer certificates"
    4) Go to "Trusted Root Certification Authorities"
    5) Delete anything belonging to Superfish
    Is that the same as checking in IE and Firefox? I checked in IE and Firefox and didn't find anything. I'm on A HP instead of a Lenovo and wanted to make sure HP didn't do the same thing.
      My Computers

  8.    #8

    No, its not the same as Firefox, I don't use IE and haven't checked.
    I went thru search in Win 10 to get the results.
    I did a clean install of Win 10 on my Lenovo lappy, bought in March of 2014.
      My Computer

  9.    #9

    These are the directions I found that actually worked. Why the big, fat, hairy heck couldn't all the other "experts" (the ones who get twice the wear from a toilet seat) provide these with their articles?

    Ifyou are running a Lenovo device you may want to check if the certificate isinstalled on the device and remove it if it is.

    1. Tap on the Windows-key to bring up the start menu or start screen.
    2. Type certmgr.msc and hit enter. This opens the Certificate Manager.
    3. Use the folder structure on the left to navigate to Trusted Root Certification Authorities -> Certificates.
    4. Check if Superfish Inc. is listed among the certificates.
    5. If it is, right-click the certificate and select Delete from the context menu to remove it.

      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 13:39.
Find Us




Windows 10 Forums