There is news website The Next Web, reporting that new PCs from Lenovo comes with a hidden application to control which ads users see on the Web. The program is called Superfish and analyze what products the user is viewing via web browsers Chrome, Internet Explorer and Firefox and insert their own ads on websites and in Google searches.
read more Chemicals Inspectorate blacklisting poisonous tablets
Lenovo Yoga, photo: Maurizio Pesce, CC BY
To program existed preloaded on Lenovo’s consumer machines have been discussed in various user forums and post complaints shall Lenovo in late January temporarily have removed the program from the new machines delivered. Company spokesperson, according to The Next Web in the same forum defended the program that helps users find cheaper products.
A Swedish users on the Lenovo forums also point to a greater risk with Superfish. On a screen shot shows he or she will Superfish installed its own cryptographic certificat in the computer that opens to a so-called man-in-middle attack where traffic against an encrypted webbisda, such as a bank, could be intercepted and read unencrypted by Superfish despite the fact that the browser shows that the traffic is safe.
The reason that Super Fish wants to “hijack” the encrypted traffic is likely to be able to insert their own ads also on encrypted pages.
According to the site Ars Technica has the problem of certificates confirmed also by security researcher Chris Palmer yesterday bought a new Lenovo Yoga 2 with Superfish installed. He has also been seen that the security certificate that Superfish installed on his computer and replacing it his bank would have used are the same on other users’ computers which according to him increases the risk that someone with bad intentions could create a false certificate for a secure Web users with Lenovo could not discover.
IDG.se during ‘m talking to Lenovo in Sweden who say they have too little information about Superfish for be able to comment.
No comments:
Post a Comment