PSA: Lenovo buyers BEWARE - Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections (EDIT 2/23/15: LAWSUIT PENDING)

franzcatch 2,484 2,664 February 19, 2015 at 11:22 AM in Computers (2)

Last Edited by franzcatch February 23, 2015 at 12:54 PM
I know this isn't a "Hot Deal" but I wanted to issue a CAUTION to those who have bought or are thinking of buying a Lenovo device. Especially with the host of Lenovo deals that have been popping up of late.

http://arstechnica.com/security/2...nnections/

Quote :
Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections [Updated]
Superfish may make it trivial for attackers to spoof any HTTPS website


Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.

The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there's something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate.

Even worse, the private encryption key accompanying the Superfish-signed Transport Layer Security certificate appears to be the same for every Lenovo machine. Attackers may be able to use the key to certify imposter HTTPS websites that masquerade as Bank of America, Google, or any other secure destination on the Internet. Under such a scenario, PCs that have the Superfish root certificate installed will fail to flag the sites as forgeries--a failure that completely undermines the reason HTTPS protections exist in the first place.

...

[Update: Lenovo has released a statement saying Superfish was installed on consumer laptops shipped between October and December 2014. The manufacturer said it stopped preloading Superfish in January 2015 and has no plans to resume the practice. Amazingly, the company said it did "not find any evidence to substantiate security concerns," but added that it's responding to them anyway.]
Update: Lawsuit Pending
http://yro.slashdot.org/story/15/...ish-adware

Quote :
"Lenovo admitted to pre-loading the Superfish adware on some consumer PCs, and unhappy customers are now dragging the company to court on the matter. A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with 'fraudulent' business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware. Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called 'spyware' in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits."

Community Wiki

Last Edited by compguy February 20, 2015 at 11:29 AM
Use this website to see if your computer is affected: http://support.lenovo.com/us/en/p.../superfish

Removal instructions: http://www.tomsguide.com/us/lenov...20470.html
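
A local check for the behaviour the quoted article describes, where the certificate presented for an HTTPS site is issued by Superfish rather than by the site's real CA (added example, not part of the thread or the linked articles). It assumes the script runs on the machine being checked, that the interception applies to the Python process, and that the issuer name contains "Superfish"; the sample certificates and the host name are constructed.

```python
import socket
import ssl

NEEDLE = "superfish"  # assumed issuer substring, not a fingerprint from the page

# Constructed samples shaped like ssl.getpeercert() output (not captured data).
SAMPLE_INTERCEPTED = {"issuer": ((("organizationName", "Superfish, Inc."),),
                                 (("commonName", "Superfish, Inc."),))}
SAMPLE_NORMAL = {"issuer": ((("countryName", "US"),),
                            (("organizationName", "Example Trust Services"),),
                            (("commonName", "Example CA 1"),))}


def issuer_fields(peercert):
    """Flatten the nested 'issuer' tuples of getpeercert() into a dict."""
    return {key: value for rdn in peercert.get("issuer", ()) for key, value in rdn}


def is_suspect(peercert, needle=NEEDLE):
    """True if any issuer field (O, CN, ...) contains the needle."""
    return any(needle in v.lower() for v in issuer_fields(peercert).values())


def fetch_peercert(host, port=443, timeout=5.0):
    """Return the certificate a host presents, validated against the
    platform trust store, where a locally installed root would be trusted."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def check_hosts(hosts):
    """Map each host to 'suspect', 'ok', or an error string."""
    results = {}
    for host in hosts:
        try:
            cert = fetch_peercert(host)
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            results[host] = "error: %s" % exc
        else:
            results[host] = "suspect" if is_suspect(cert) else "ok"
    return results


if __name__ == "__main__":
    print(is_suspect(SAMPLE_INTERCEPTED), is_suspect(SAMPLE_NORMAL))
    # Needs network access; example.com is a placeholder host.
    print(check_hosts(["example.com"]))
```

An "error" result caused by certificate verification failing is also worth a look, since it means the presented chain did not validate against the trust store Python used.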


137 Comments


Joined Sep 2003
L10: Grand Master
14,531 Posts
17,523 Reputation
Pro
#3
Thank you for the information. I just bought a Lenovo laptop earlier this month, then heard about Superfish soon after.

Tofu Vic
#4
You're right.....this isn't a hot deal.
#5
aaand it's no longer valid any more.

The service was shut down last month server-side, and they are no longer pre-installing it on machines.

Whatever it's worth, lenovo is crap anyhow.
Joined Aug 2014
Just here for the pie
502 Posts
447 Reputation
#6
Here's a good article to see if you're affected: http://lifehacker.com/1686788663
Joined Dec 2006
The OG Deal Finder!
5,309 Posts
1,109 Reputation
#7
Quote from Serus View Post :
aaand it's no longer valid any more.

The service was shut down last month server-side, and they are no longer pre-installing it on machines.

Whatever it's worth, lenovo is crap anyhow.
I got a nasty G50 that is pretty slick for $200 bills from that 50% staples deal after my ebay run but, the washed out screen pisses me off! Fast as hell though.

this doesn't concern me because I wipe the computer clean via control panel as soon as I get them laugh out loud
Last edited by $hArP February 19, 2015 at 11:38 AM
#8
u right op. this is not hot deal why u still post it here? earn reps?
Joined Aug 2011
L8: Grand Teacher
3,197 Posts
2,047 Reputation
#9
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz

#10
I'm so glad I switched to Apple 10 years ago.
#11
Wanted to post this earlier. If you purchased a 2015 model (PC, laptop, etc) you won't be affected. And they started to disable (or remove) the superfish from PCs. But for older models you might still have it installed.
#12
lulz who doesn't wipe and do a clean install from pre built machines?
#13
Quote from Didi83 View Post :
Wanted to post this earlier. If you purchased a 2015 model (PC, laptop, etc) you won't be affected. And they started to disable (or remove) the superfish from PCs. But for older models you might still have it installed.
Uh, thank you for repeating OP?
#14
Quote from vdChild View Post :
lulz who doesn't wipe and do a clean install from pre built machines?
You could wipe and clean as much as you want but it will not work with the recovery (or disc) provided from them (it was added in the recovery discs too). It would work if you would buy (or already have) a Windows disc (non manufacturer OEM).

Quote from ilbknownas1 View Post :
Uh, thank you for repeating OP?
You're welcome
Last edited by Didi83 February 19, 2015 at 11:49 AM
#15
Quote from b2b3j2 View Post :
I'm so glad I switched to Apple 10 years ago.
hahahhahahahhahaha. so naive