Madshrimps Forum Madness

Madshrimps Forum Madness (https://www.madshrimps.be/vbulletin/)
-   WebNews (https://www.madshrimps.be/vbulletin/f22/)
-   -   Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections (https://www.madshrimps.be/vbulletin/f22/lenovo-pcs-ship-man-middle-adware-breaks-https-connections-130196/)

jmke 19th February 2015 09:46
Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections
 
Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.

The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there's something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate.

http://arstechnica.com/security/2015...s-connections/


All times are GMT +1. The time now is 23:25.

Powered by vBulletin® - Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO