"Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections | Ars Technica
The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there's something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate."
Thursday, February 19, 2015
Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections | Ars Technica
A case study on the importance of choosing only well-designed stealthy adware suppliers...