Windows 10: Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS Connec

Page 1 of 3 123 LastLast
  1.    19 Feb 2015 #1

    Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS Connec


    Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.

    The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there's something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate.
    Read More: Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections | Ars Technica

    Read More: Lenovo Pre-instaling adware/spam - Superfish - pow... - Lenovo Community


    Absolutely appalling! To those who about a week ago were sticking up for computer manufacturers installing crapware on consumers brand new machines, are you also happy for Lenovo to pre-install their own root certificate and perform man-in-the-middle injection on your computer?
      My ComputerSystem Spec

  2.    19 Feb 2015 #2

    I would hope that Lenovo will deal with this issue ASAP. It's not a good thing that they let this get out to the people who purchased their products. I just hope that it was done without their(Lenovo's) knowledge of the issue existing.

    Jeff
      My ComputerSystem Spec

  3.    19 Feb 2015 #3

    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
      My ComputerSystem Spec

  4.    19 Feb 2015 #4

    Lady Fitzgerald said: View Post
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    Beats me.. I have a custom/home built PC so this is really not an issue for me.
      My ComputerSystem Spec


  5. Posts : 68
    Windows 10 Pro x64 TH2
       19 Feb 2015 #5

    Every laptop or pc that I have ever bought gets wiped and a clean install of whatever OS I want. That not only gets rid of all the bumf, but all the gnarly bits as well. But Lenovo aren't the only company this has happened to.
      My ComputerSystem Spec

  6.    19 Feb 2015 #6

    Lady Fitzgerald said: View Post
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    In IE go to Tools - Internet Options - Content - Certificates.
      My ComputerSystem Spec

  7.    19 Feb 2015 #7

    Lady Fitzgerald said: View Post
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    1) Open Start
    2) Type "cert" into the search box > settings
    3) Select the search result that says "Manage computer certificates"
    4) Go to "Trusted Root Certification Authorities"
    5) Delete anything belonging to Superfish
      My ComputersSystem Spec

  8.    19 Feb 2015 #8

    COMPUTIAC said: View Post
    Lady Fitzgerald said: View Post
    Ok, that was a useless article for me. Where the big fat hairy heck do I find certificates?
    1) Open Start
    2) Type "cert" into the search box > settings
    3) Select the search result that says "Manage computer certificates"
    4) Go to "Trusted Root Certification Authorities"
    5) Delete anything belonging to Superfish
    Is that the same as checking in IE and Firefox? I checked in IE and Firefox and didn't find anything. I'm on A HP instead of a Lenovo and wanted to make sure HP didn't do the same thing.
      My ComputerSystem Spec

  9.    19 Feb 2015 #9

    No, its not the same as Firefox, I don't use IE and haven't checked.
    I went thru search in Win 10 to get the results.
    I did a clean install of Win 10 on my Lenovo lappy, bought in March of 2014.
      My ComputersSystem Spec

  10.    19 Feb 2015 #10

    These are the directions I found that actually worked. Why the big, fat, hairy heck couldn't all the other "experts" (the ones who get twice the wear from a toilet seat) provide these with their articles?

    Ifyou are running a Lenovo device you may want to check if the certificate isinstalled on the device and remove it if it is.

    1. Tap on the Windows-key to bring up the start menu or start screen.
    2. Type certmgr.msc and hit enter. This opens the Certificate Manager.
    3. Use the folder structure on the left to navigate to Trusted Root Certification Authorities -> Certificates.
    4. Check if Superfish Inc. is listed among the certificates.
    5. If it is, right-click the certificate and select Delete from the context menu to remove it.

      My ComputerSystem Spec


 
Page 1 of 3 123 LastLast

Related Threads
Update breaks Bluetooth. in Drivers and Hardware
Don't know if anyone else has suffered this problem, but an update earlier today (Toshiba RFBUS) has broken Bluetooth on my PC. Bluetooth is showing (without errors) in Device Manager but it does not work. A search for 'bluetooth settings' in Win...
I have read in a couple of different places that Windows 10 will ship with Outlook straight out of the box. If this is true, then there will be no incentive for me to buy Microsoft Office Professional. Does anybody know if this is true. ...
Have been dual booting Win 7 and Win 10 previews on two Samsung ssd's. I've had no problem with updating each build then extracting the Iso with ESD to Iso then doing a clean install until the switch from 10074 to 10122. Let it update on fast...
Hi I just installed build 10061 on my laptop, after creating an ISO from the ESD file downloaded in the update and using it to make a clean install, when it rebooted and I went through OOBE, i then obviously went to install drivers, but when...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:47.
Find Us