Lenovo PC accused of built-in Superfish advertising plugin

Source: Internet
Author: User
Keywords Lenovo accusation Superfish
Tags advertising application content embedding joint lenovo lenovo pc network
Absrtact: Lenovo's PC products sold overseas are referred to in the system including the advertising plug-in Superfish. The application modifies the content of the Web page and inserts ads in a man-in-the-middle attack, while embedding a security CA certificate in the system that could be exploited by an attacker. Currently linked

Lenovo's PC products sold overseas are accused of including an advertising plug-in Superfish in the system. The application modifies the content of the Web page and inserts ads in a man-in-the-middle attack, while embedding a security CA certificate in the system that could be exploited by an attacker.

Lenovo has now admitted the application exists overseas and has introduced tools for uninstalling and removing security certificates.

Superfish uses a man-in-the-middle attack to hijack a user's network traffic and use a security certificate to allow it to still modify the target page under SSL to achieve the purpose of displaying the advertisement, which can expose the user's network silver and social network accounts to the threat of hacker attack.

The Superfish advertising plug-in, which was provided by its namesake company, said in an interview with the Next Web that the CA certificate was implanted only to provide search functionality (after falsification) to users on any Web site, while the mass exposure of the product was only "a security risk in the product being discovered". Lenovo admits to being cautious when choosing partners.

After the incident, the United States Government also came forward to call on users to remove the security risks as soon as possible Superfish plug-ins.

At the same time, Microsoft has updated Windows Defender, which is built into Windows 8 and above, so that users can use it to remove Superfish and their built-in certificates.


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.