While representatives of Lenovo have made it clear that the company does not fully understand the risk posed by the now much-discussed crapware program Superfish Visual Discovery, which hijacks encrypted browser connections (officially to insert ads on secure web pages), more and more warnings are being issued about the potential danger of having the program and its associated root certificate installed.
Warning
US-CERT, the IT security group under the Department of Homeland Security, issued a warning on Friday that the software and the certificate can be used in SSL spoofing attacks, i.e. falsification of traffic that is assumed to be secure.
According to Reuters, Superfish says the problem was inadvertently introduced through a tool that ships with Superfish Visual Discovery. The tool is supplied by the Israeli company Komodia. Many will remember that the password for said root certificate was simply Komodia.
Komodia has been largely unwilling to speak to the press, but the company's website states that it offers hijacking software that makes it possible for a PC user to view data sent encrypted from the machine. In isolation, this functionality can be useful for some. But in this case the tool is in use without users having requested it or knowing the risks involved when the software is installed and running.
According to Reuters’ sources, other software, including several filters that parents can install on their children's PCs, has also adopted this solution from Komodia. This also applies to Komodia's own product in this category, ironically named KeepMyFamilySecure. But according to Ars Technica, trojans and a lot of other software also use the same technology.
Lenovo
Lenovo announced on Friday that the automatic uninstall utility the company had promised earlier in the week is now available on this page. It is meant to remove both the Superfish software and the Superfish certificate from all the major browsers. The tool is released under the Mozilla Public License. Source code is available here.
Lenovo has released a tool that should be able to remove all traces of the Superfish tool. Illustration: digi.no
Some existing security tools have also been updated to remove Superfish, including Microsoft’s Windows Defender. But according to Ars Technica, Microsoft’s tool does not remove all possible instances of the certificate.
– We are sorry that we have caused these concerns among our users. We learn from this experience and will use it to improve what we do and how we do it in the future, Lenovo wrote in a statement on Friday.