Lenovo has a security bulletin released which warns customers for the Super Fish-adware that was installed previously on laptops. According to the manufacturer discovered several vulnerabilities in Superfish, including the installation of a self-signed root certificate.
Consumers can remove Superfish, but Superfish certificate but will remain on the system. Since Superfish according Lenovo SSL traffic intercepted this is a "security concern". Therefore, the manufacturer removal instructions put online, and a list of vulnerable laptops. These laptops in E, Flex, G, M, S, U, Y Yoga and Z-series that are delivered between September 2014 and February 2015. Together account for more than 40 models.
Customers who leave running the certificate in certain scenarios, for example when an open Wi-Fi network, the risk of being attacked by a man-in-the-Middle. Users will also be advised to remove the certificate. Furthermore Superfish would be asked to turn off all server activity of the software. Via Twitter Lenovo announces that it is busy working to rectify the problem and regain the trust of customers.
The CERT Coordination Center (CERT / CC) at Carnegie Mellon University now has a warning issued for the certificate and advises users to delete it. There are EFF by the American civil rights movement removal instructions put online, including for Firefox users.
No comments:
Post a Comment