Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Saturday February 21 2015, @03:46PM   Printer-friendly
from the fishing-for-answers dept.

Reuters reports that the US Department of Homeland Security has advised Lenovo customers to remove "Superfish" software from their computers. According to an alert released through its National Cyber Awareness System, the software makes users vulnerable to SSL spoofing and could allow a remote attacker to read encrypted web browser traffic, spoof websites, and perform other attacks on Lenovo PCs with the software installed.

Lenovo inititally said it stopped shipping the software because of complaints about features, not a security vulnerability. "We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," the company said in a statement to Reuters early on Thursday. On Friday, Lenovo spokesman Brion Tingler said the company's initial findings were flawed and that it was now advising customers to remove the software and providing instructions for uninstalling "Superfish". "We should have known about this sooner," Tingler said in an email. "And if we could go back, we never would have installed this software on our machines. But we can't, so we are dealing with this head on."

[Editor's Note: For background information on this threat, Ars Technica has coverage here, here, here, and here.]

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Funny) by Lunix Nutcase on Saturday February 21 2015, @05:04PM

    by Lunix Nutcase (3913) on Saturday February 21 2015, @05:04PM (#147809)

    Superfish? Is that some Windoze crapware?

    Starting Score:    1  point
    Moderation   +1  
       Flamebait=1, Funny=2, Total=3
    Extra 'Funny' Modifier   0  

    Total Score:   2  
  • (Score: 5, Funny) by jasassin on Saturday February 21 2015, @05:34PM

    by jasassin (3566) <jasassin@gmail.com> on Saturday February 21 2015, @05:34PM (#147814) Journal

    Superfish? Is that some Windoze crapware?

    Watch out! You are bound to summon HairyFeet and we'll all have to listen to his sermon on the Ubuntu Amazon lens fiasco... again.

    --
    jasassin@gmail.com Key fingerprint = 0644 173D 8EED AB73 C2A6 B363 8A70 579B B6A7 02CA
    • (Score: 3, Interesting) by nightsky30 on Saturday February 21 2015, @06:49PM

      by nightsky30 (1818) on Saturday February 21 2015, @06:49PM (#147843)

      Do you have to say the name 3 times?

      I was not very happy with Amabuntu either, but I think this is worse.

    • (Score: 0) by Anonymous Coward on Monday February 23 2015, @04:54AM

      by Anonymous Coward on Monday February 23 2015, @04:54AM (#148312)

      Watch out! You are bound to summon HairyFeet

      He won't have the courage to pop up here. He's been shilling for Comodo for decades and they've been busted doing the same thing.

      https://blog.hboeck.de/archives/865-Comodo-ships-Adware-Privdog-worse-than-Superfish.html [hboeck.de]

  • (Score: 2) by TheRaven on Sunday February 22 2015, @09:52AM

    by TheRaven (270) on Sunday February 22 2015, @09:52AM (#148050) Journal
    It's an impressively named product: something that enables phishing scams on a huge scale. The most shocking thing about this whole affair has been how honest they were in their branding - I'd assumed that superfish was its malware designation, not its marketing name...
    --
    sudo mod me up