Dan Tobias at 05:13, 4 March 2015

2015-03-04T05:13:23Z

Dan Tobias: Created page with "{{FormatInfo |formattype=electronic |subcat=Security }} '''Superfish''' is a program that was formerly factory-installed on Lenovo computers, designed to inject extra ads into..."

2015-03-04T05:12:23Z

Created page with "{{FormatInfo |formattype=electronic |subcat=Security }} '''Superfish''' is a program that was formerly factory-installed on Lenovo computers, designed to inject extra ads into..."

New page

{{FormatInfo
|formattype=electronic
|subcat=Security
}}
'''Superfish''' is a program that was formerly factory-installed on Lenovo computers, designed to inject extra ads into the users' web browsing experience (to "enhance consumer experience" by suggesting related products, or so was claimed). It turned out that it put its own self-signed secure certificate in place to interject itself even in SSL-based secure web transactions, creating an enormous security hole for its users which could be exploited by hackers even if Superfish itself didn't abuse the information about users it could obtain. Superfish used a library from a company called Kommodo, which uncreatively used 'kommodo' as the internal password for unlocking its certificate data.

== Links ==
* [https://m.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339 Windows SSL Interception Gone Wild]
* [http://www.tripwire.com/state-of-security/security-data-protection/superfish-lenovo-adware-faq/ What You Need to Know About Superfish, The Man-in-the-Middle Adware Installed on Lenovo PCs]
* [http://www.slate.com/articles/technology/bitwise/2015/02/lenovo_superfish_scandal_why_it_s_one_of_the_worst_consumer_computing_screw.html You Had One Job, Lenovo]
* [http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html Extracting the SuperFish Certificate]
* [https://mcgath.wordpress.com/2015/02/23/lenovo/ Blog discussion]
* [https://forums.lenovo.com/t5/Security-Malware/Potentially-Unwanted-Program-Superfish-VisualDiscovery/m-p/1860408/highlight/true Lenovo Community discussion]
* [https://web.archive.org/web/20150220024518/http://www.komodia.com/ad-injection-sdk/ Kommodia: Why you need ad injection SDK] (Internet Archive copy)
* [http://web.archive.org/web/20150219191531/http://news.lenovo.com/article_display.cfm?article_id=1929 Lenovo Statement on Superfish] (2015-02-19 Internet Archive copy)
* [http://web.archive.org/web/20150220180448/http://news.lenovo.com/article_display.cfm?article_id=1929 Lenovo Statement on Superfish] (2015-02-20 Internet Archive copy)

[[Category:Malware]]

@@ Line 3: / Line 3: @@
 |subcat=Security
 }}
-'''Superfish''' is a program that was formerly factory-installed on Lenovo computers, designed to inject extra ads into the users' web browsing experience (to "enhance consumer experience" by suggesting related products, or so was claimed). It turned out that it put its own self-signed secure certificate in place to interject itself even in SSL-based secure web transactions, creating an enormous security hole for its users which could be exploited by hackers even if Superfish itself didn't abuse the information about users it could obtain. Superfish used a library from a company called Kommodo, which uncreatively used 'kommodo' as the internal password for unlocking its certificate data.
+'''Superfish''' is a program that was formerly factory-installed on Lenovo computers, designed to inject extra ads into the users' web browsing experience (to "enhance consumer experience" by suggesting related products, or so was claimed). It turned out that it put its own self-signed secure certificate in place to interject itself even in SSL-based secure web transactions, creating an enormous security hole for its users which could be exploited by hackers even if Superfish itself didn't abuse the information about users it could obtain. Superfish used a library from a company called Kommodia, which uncreatively used 'kommodia' as the internal password for unlocking its certificate data.
 == Links ==

Superfish - Revision history

Dan Tobias at 05:13, 4 March 2015

Dan Tobias: Created page with "{{FormatInfo |formattype=electronic |subcat=Security }} '''Superfish''' is a program that was formerly factory-installed on Lenovo computers, designed to inject extra ads into..."