"Although the intentions may not be malicious, the implementation is certainly is. Superfish is more than just adware, it's a man-in-the-middle attack that occurs as adware. In an era of continuous security-related news it is shocking that Lenovo software installs the SSL chain breaks on in such a fundamental way. " Winn sees similarities with the Sony rootkit scandal in 2005, only this time the consequences are much greater.
"It touches both privacy as the fundamental trust that consumers have SSL-protected Web sites." He also predicts that this action Lenovo customers will cost. "Lenovo has a loyal following among IT professionals, as evidenced by the present Thinkpads anywhere within companies. There is no doubt that this incident will have a severe drain on the balance of Lenovo. No system tolerates a Man-in the-middle attack on proprietary or BYOD devices. "
The American civil rights movement EFF calls it an amateurish design choice of Superfish to inject ads through a self-signed certificate. "Lenovo's decision to provide this software was incredibly irresponsible and a great abuse of the trust that they received from customers." Lenovo late by Bloomberg know it was a mistake to install the software standard on laptops and that the only purpose was to improve the customer experience.
No comments:
Post a Comment