Absrtact: Lenovo's PC products sold overseas are referred to in the system including the advertising plug-in Superfish. The application modifies the content of the Web page and inserts ads in a man-in-the-middle attack, while embedding a security CA certificate in the system that could be exploited by an attacker. Currently linked
Lenovo's PC products sold overseas are accused of including an advertising plug-in Superfish in the system. The application modifies the content of the Web page and inserts ads in a man-in-the-middle attack, while embedding a security CA certificate in the system that could be exploited by an attacker.
Lenovo has now admitted the application exists overseas and has introduced tools for uninstalling and removing security certificates.
Superfish uses a man-in-the-middle attack to hijack a user's network traffic and use a security certificate to allow it to still modify the target page under SSL to achieve the purpose of displaying the advertisement, which can expose the user's network silver and social network accounts to the threat of hacker attack.
The Superfish advertising plug-in, which was provided by its namesake company, said in an interview with the Next Web that the CA certificate was implanted only to provide search functionality (after falsification) to users on any Web site, while the mass exposure of the product was only "a security risk in the product being discovered". Lenovo admits to being cautious when choosing partners.
After the incident, the United States Government also came forward to call on users to remove the security risks as soon as possible Superfish plug-ins.
At the same time, Microsoft has updated Windows Defender, which is built into Windows 8 and above, so that users can use it to remove Superfish and their built-in certificates.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.