SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Homeland Security Urges Lenovo Customers to Remove Superfish
Date    Saturday February 21 2015, @03:46PM
Author    martyb
Topic   
from the fishing-for-answers dept.
https://soylentnews.org/article.pl?sid=15/02/21/1527223

Hugh Pickens writes:

Reuters reports that the US Department of Homeland Security has advised Lenovo customers to remove "Superfish" software from their computers. According to an alert released through its National Cyber Awareness System, the software makes users vulnerable to SSL spoofing and could allow a remote attacker to read encrypted web browser traffic, spoof websites, and perform other attacks on Lenovo PCs with the software installed.

Lenovo inititally said it stopped shipping the software because of complaints about features, not a security vulnerability. "We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," the company said in a statement to Reuters early on Thursday. On Friday, Lenovo spokesman Brion Tingler said the company's initial findings were flawed and that it was now advising customers to remove the software and providing instructions for uninstalling "Superfish". "We should have known about this sooner," Tingler said in an email. "And if we could go back, we never would have installed this software on our machines. But we can't, so we are dealing with this head on."

[Editor's Note: For background information on this threat, Ars Technica has coverage here, here, here, and here.]

Links
  1. "Hugh Pickens" - http://hughpickens.com/
  2. "Homeland Security has advised Lenovo customers to remove "Superfish" software from their computers" - http://www.reuters.com/article/2015/02/20/lenovo-cybersecurity-dhs-idUSL1N0VU21H20150220
  3. "vulnerable to SSL spoofing" - https://www.us-cert.gov/ncas/current-activity/2015/02/20/Lenovo-Computers-Vulnerable-HTTPS-Spoofing
  4. "perform other attacks on Lenovo PCs with the software installed" - https://www.us-cert.gov/ncas/alerts/TA15-051A
  5. "providing instructions for uninstalling "Superfish"" - http://support.lenovo.com/us/en/product_security/superfish_uninstall
  6. "here" - http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/
  7. "here" - http://arstechnica.com/security/2015/02/how-to-remove-the-superfish-malware-what-lenovo-doesnt-tell-you/
  8. "here" - http://arstechnica.com/security/2015/02/ssl-hijacker-behind-superfish-debacle-imperils-big-number-of-users/
  9. "here" - http://arstechnica.com/security/2015/02/superfish-doubles-down-says-https-busting-adware-poses-no-security-risk/
© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Homeland Security Urges Lenovo Customers to Remove Superfish on 2024-04-19 19:24:27