Werecently learnedthat microcomputer manufacturing business Lenovo is sell computer preinstalled with a dangerous art object of software , called Superfish , that use a man - in - the - midway attack to ruin window ’ encrypted World Wide Web connections for the interest of advertising . ( Here ’s a list of bear on product . )
enquiry from EFF’sDecentralized SSL Observatoryhas seen many thousand of Superfish credential that have all been signed with the same source certificate , picture that HTTPS security for at least Internet Explorer , Chrome , and Safari for Windows , on all of these Lenovo laptop , is now broken . Firefox users also have the problem , because Superfish also inserts its security into the Firefox root store .
This is a serious certificate outlet . For example , shortly after this news became far-flung , security research worker Robert Graham was able toextract the certificatefrom the Superfish adware and quickly cracked the password . With this password , a malicious attacker would be able-bodied to intercept encrypted communications on the same connection ( like at a coffee bar Wi - Fi hotspot ) .
To find out if this government issue touch you , go to Filippo Valsorda’sSuperfish CA test pagein Internet Explorer or Chrome first . If you see a “ YES , ” keep up these instructions ( courtesy of Valsordaand fromLenovo ’s program line ) for remotion :
Step I: Uninstall the Superfish software
spread out the Windows Start menu or Start screen and search for Uninstall a program . Launch it .
Right - click Superfish Inc VisualDiscovery and select Uninstall . When prompted , enter your administrator password .
Uninstalling the software is not enough , because the uninstall does not absent the root word certificate .
Step II: Remove the certificate from Windows
spread out the Windows Start carte or take up screen and search for certmgr.msc . powerful - click it and select Launch as Administrator .
Scroll down oruse findto get to the Superfish , Inc. certificate .
Right - click it and take Delete . If you do n’t see the option to delete it , you may not be running as an administrator ( See step 1 ) .
Step III: Remove the certificate from Firefox
This might or might not be needed , but check to be certain .
Go to Options / Preferences .
Click Advanced , then Certificates .
Click View Certificates .
face for Superfish , if it ’s there , click it and then get through Delete or Distrust .
This station originally appeared on the Electronic Frontier Foundation ’s Deep Links blog with credit toFilippo Valsordafor the how - to take . To learn how to test your PC for the Superfish adware , interpret this how - to guide at Lifehacker .
Photo byVertes Edmond Mihai .
HackingLenovoPrivacySecurity
Daily Newsletter
Get the undecomposed technical school , science , and culture news in your inbox daily .
News from the future , fork over to your present .
You May Also Like
