Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS Connec

COMPUTIAC · 19 Feb 2015

OK, that works good also. How can we tell if all these other certs listed are spies or not ?
A lot of them I never heard of, but why do I need one for Go Daddy ?

Dude · 19 Feb 2015

COMPUTIAC said:

OK, that works good also. How can we tell if all these other certs listed are spies or not ?
A lot of them I never heard of, but why do I need one for Go Daddy ?

That is probably a ssl certificate from a shopping site

Lady Fitzgerald · 19 Feb 2015

Dude said:

COMPUTIAC said:

OK, that works good also. How can we tell if all these other certs listed are spies or not ?
A lot of them I never heard of, but why do I need one for Go Daddy ?

That is probably a ssl certificate from a shopping site

Go Daddy is a privately held Internet domain registrar and web hosting company.

Dude · 19 Feb 2015

Lady Fitzgerald said:

Dude said:

COMPUTIAC said:

OK, that works good also. How can we tell if all these other certs listed are spies or not ?
A lot of them I never heard of, but why do I need one for Go Daddy ?

That is probably a ssl certificate from a shopping site

Go Daddy is a privately held Internet domain registrar and web hosting company.

Yep, and probably a site he has shopped at goes through go daddy

https://www.godaddy.com/ssl.aspx

z3r010 · 19 Feb 2015

Godaddy also sell/issue ssl,the ones we use from time to time are listed as godaddy.

COMPUTIAC · 19 Feb 2015

Never been to a Go Daddy site. I used this as an example.
Is there any way to tell if any of these certificates, going by any name, should be deleted ?

z3r010 · 19 Feb 2015

But godaddy sign the certificates it could be any old random site, you wouldn't know unless you checked every sites SSL when you visited it.

I think they also do shared SSL that would also show their name.

ARC1020 · 19 Feb 2015

Official [and insufficient at the moment] Lenovo Visual Discovery/Superfish removal instructions can be found at the following link:
Removal Instructions for VisualDiscovery Superfish... - Lenovo Community

Note text at the bottom, which reads "...this article will be updated with additional instructions on clean up of deactivated files and removal of certificate shortly". (Athough it's been like that for quite a while now).

------

You can however find unofficial removal instructions at the following link:
https://filippo.io/Badfish/removing.html

Mystere · 19 Feb 2015

Please do not go randomly deleting things without first having some idea whether you should or not. Clearly, the superfish cert should be removed, but don't go removing other ones because you think "I don't use those". You may or may not, but you wouldn't know if you did.

Those are "Root Certificates", and are the public key certificates that root certificate authorities issue that allow you to decode the encrypted traffic (HTTPS) from banks, shopping sites, or pretty much anything that uses HTTPS from an authority. They purchase their certs from GoDaddy or other vendors who sign those certficates with their private keys. This gives you the ability to decode those keys for sites that have bought certificates from them, and they could literally be anyone.

So unless you want to suddenly start getting certificate errors and/or not be able to use random sites on the internet for no apparent reason, don't just go deleting these without very good knowledge of what you are doing.

ARC1020 · 19 Feb 2015

COMPUTIAC said:

Never been to a Go Daddy site. I used this as an example.
Is there any way to tell if any of these certificates, going by any name, should be deleted ?

Not that I'm aware of. One of the weaknesses with Public Key Infrastructure is that you have to trust Certificate Authorities.

Which as previously seen with breaches of Comodo CA, DigiNotar CA, etc. that isn't always the case.