Komodia
Latest
How could Lenovo miss its Superfish security hole?
Until mid-day yesterday Lenovo thought the biggest problem with Superfish VisualDiscovery was the annoying ads it caused to pop up on customers' laptops. SuperFish was supposed to analyze images on the web and "help" consumers find similar products, but the information security world was learning that it (apparently unintentionally) does quite a bit more. Facebook engineer Mike Shaver tweeted Wednesday night about how the preloaded adware performs a man-in-the-middle (MITM) attack on supposedly secure connections, and by Thursday morning security researcher Rob Graham showed how it could be used to spy on the encrypted communications of anyone running the software. At that point, Levono CTO Peter Hortensius still referred to resulting security problems as "thoretical" but moves today from Microsoft and the US government -- and his comments to us -- show that they've realized the threat is very real. Update: Lenovo has just released a Superfish removal tool. In an accompanying statement (included after the break), the company says it's also working with McAfee so that virus scanners will remove the software and its certificate.
