Page 1 of 3 123 LastLast
  1.    19 Feb 2015 #1
    Join Date : Feb 2014
    Posts : 487

    Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS Connec


    Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.

    The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there's something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate.
    Read More: Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections | Ars Technica

    Read More: Lenovo Pre-instaling adware/spam - Superfish - pow... - Lenovo Community


    Absolutely appalling! To those who about a week ago were sticking up for computer manufacturers installing crapware on consumers brand new machines, are you also happy for Lenovo to pre-install their own root certificate and perform man-in-the-middle injection on your computer?
      My ComputerSystem Spec
  2.    19 Feb 2015 #2
    Join Date : Jan 2014
    Oak Ridge TN, USA
    Posts : 24,523
    Windows 10 Pro x64

    I would hope that Lenovo will deal with this issue ASAP. It's not a good thing that they let this get out to the people who purchased their products. I just hope that it was done without their(Lenovo's) knowledge of the issue existing.

    Jeff
      My ComputerSystem Spec
  3.    19 Feb 2015 #3
    Join Date : Jan 2014
    Posts : 246

    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
      My ComputerSystem Spec
  4.    19 Feb 2015 #4
    Join Date : Jan 2014
    Oak Ridge TN, USA
    Posts : 24,523
    Windows 10 Pro x64

    Quote Originally Posted by Lady Fitzgerald View Post
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    Beats me.. I have a custom/home built PC so this is really not an issue for me.
      My ComputerSystem Spec
  5.    19 Feb 2015 #5
    Join Date : Jan 2014
    Pentland Hills
    Posts : 68
    Windows 10 Pro x64 TH2

    Every laptop or pc that I have ever bought gets wiped and a clean install of whatever OS I want. That not only gets rid of all the bumf, but all the gnarly bits as well. But Lenovo aren't the only company this has happened to.
      My ComputerSystem Spec
  6.    19 Feb 2015 #6
    Join Date : Jun 2014
    Posts : 5,456
    Windows 10 Pro

    Quote Originally Posted by Lady Fitzgerald View Post
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    In IE go to Tools - Internet Options - Content - Certificates.
      My ComputerSystem Spec
  7.    19 Feb 2015 #7
    Join Date : Jan 2014
    Get Off My Lawn
    Posts : 4,223
    Win10 Pro

    Quote Originally Posted by Lady Fitzgerald View Post
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    1) Open Start
    2) Type "cert" into the search box > settings
    3) Select the search result that says "Manage computer certificates"
    4) Go to "Trusted Root Certification Authorities"
    5) Delete anything belonging to Superfish
      My ComputersSystem Spec
  8.    19 Feb 2015 #8
    Join Date : Jun 2014
    Posts : 5,456
    Windows 10 Pro

    Quote Originally Posted by COMPUTIAC View Post
    Quote Originally Posted by Lady Fitzgerald View Post
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    1) Open Start
    2) Type "cert" into the search box > settings
    3) Select the search result that says "Manage computer certificates"
    4) Go to "Trusted Root Certification Authorities"
    5) Delete anything belonging to Superfish
    Is that the same as checking in IE and Firefox? I checked in IE and Firefox and didn't find anything. I'm on A HP instead of a Lenovo and wanted to make sure HP didn't do the same thing.
      My ComputerSystem Spec
  9.    19 Feb 2015 #9
    Join Date : Jan 2014
    Get Off My Lawn
    Posts : 4,223
    Win10 Pro

    No, its not the same as Firefox, I don't use IE and haven't checked.
    I went thru search in Win 10 to get the results.
    I did a clean install of Win 10 on my Lenovo lappy, bought in March of 2014.
      My ComputersSystem Spec
  10.    19 Feb 2015 #10
    Join Date : Jan 2014
    Posts : 246

    These are the directions I found that actually worked. Why the big, fat, hairy heck couldn't all the other "experts" (the ones who get twice the wear from a toilet seat) provide these with their articles?

    Ifyou are running a Lenovo device you may want to check if the certificate isinstalled on the device and remove it if it is.

    1. Tap on the Windows-key to bring up the start menu or start screen.
    2. Type certmgr.msc and hit enter. This opens the Certificate Manager.
    3. Use the folder structure on the left to navigate to Trusted Root Certification Authorities -> Certificates.
    4. Check if Superfish Inc. is listed among the certificates.
    5. If it is, right-click the certificate and select Delete from the context menu to remove it.

      My ComputerSystem Spec

 
Page 1 of 3 123 LastLast


Similar Threads
Thread Forum
Update breaks Bluetooth.
Don't know if anyone else has suffered this problem, but an update earlier today (Toshiba RFBUS) has broken Bluetooth on my PC. Bluetooth is showing (without errors) in Device Manager but it does not work. A search for 'bluetooth settings' in Win...
Drivers and Hardware
Will Windows 10 Ship With Outlook?
I have read in a couple of different places that Windows 10 will ship with Outlook straight out of the box. If this is true, then there will be no incentive for me to buy Microsoft Office Professional. Does anybody know if this is true. ...
Software and Apps
1rst Try at Clean Install of 10122 breaks bootloader of Win 7
Have been dual booting Win 7 and Win 10 previews on two Samsung ssd's. I've had no problem with updating each build then extracting the Iso with ESD to Iso then doing a clean install until the switch from 10074 to 10122. Let it update on fast...
Installation and Upgrade
10061 No graphics, now black screen w/ cursor in middle @ startup
Hi I just installed build 10061 on my laptop, after creating an ISO from the ESD file downloaded in the update and using it to make a clean install, when it rebooted and I went through OOBE, i then obviously went to install drivers, but when...
Drivers and Hardware
Windows 10 Preview Won't Ship to Standard Users
More
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 12:47.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums