cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Flepi
Ctrl-Alt-Del
Posts: 17
Location: france
Views: 7,455
Message 51 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

Thanks for your advice on certificats !!

 

Easy to remove on firefox, but on chrome I don't have the right to do it Smiley Sad

 

I'm going to get crazy Smiley Sad

 

unbelievable that they did'nt react at this subjet!!

 

In all country... I'm in France, and no one answer here ^^'

 

thanks to everyone who help !! Smiley Wink

Highlighted
trainer
Paper Tape
Posts: 8
Location: US
Views: 6,987
Message 52 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

FlepiChrome uses the same certs as Internet Explorer, so removing the Superfish cert from the IE Internet Options box should stop Chrome from using it.

BigJobs
What's DOS?
Posts: 1
Location: Europe
Views: 6,984
Message 53 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

The biggest issue here is that the software completely trashes the trust and security provided by SSL and TLS by spoofing browsers into thinking they have a secure connection when in fact they DO NOT.

 

How on earth can Lenovo justify the installation of software that can generate spoof web certificates on the fly for any site visited? This effectively means that the software can spy on ALL browser traffic - to my bank, my doctor, my employer, my email and dozens of otherthings. To do this without explicitly telling the user what this means is nothing short of criminal malware.

"PUP" - Potentially Unwanted Program?

No. This is a "DUMP" - Definitely Unwanted Malware Program.

 

Now, please do the decent thing and make it clear which laptops & PCs are affected, contact the owners and offer free help and advice on removing this software, pointing out that its use is potentially disastrous.

And please post the afffected models and dates here to help those who have got this far.

trainer
Paper Tape
Posts: 8
Location: US
Views: 6,968
Message 54 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

BigJobsThis is absolutely what they need to be doing.

trainer
Paper Tape
Posts: 8
Location: US
Views: 6,931
Message 55 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

In fact, guys, Chromium's policy is that while they try to use system root certificates (the ones found in IE), that they will ignore any that is considered untrustworthy to their knowledge; so it might be worth someone who knows the right people to talk to at the Goog to get Superfish blacklisted.

 

http://www.chromium.org/Home/chromium-security/root-ca-policy

cybergibbons
Punch Card
Posts: 53
Location: GB
Views: 6,819
Message 56 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

The private key was passworded - it has been broken though.

 

 

Moderator comment: A link was removed to help this post conform with the Community Rules.

"No posts shall include instructions or directions intended to subvert security measures, including passwords, locking mechanisms, fingerprint scans, etc, or to subvert safety measures. Nor shall any posts provide descriptions to the location of, nor direct links to content related to these topics."

trainer
Paper Tape
Posts: 8
Location: US
Views: 6,681
Message 57 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

The only thing I hate about the way this is all becoming public is that now people with malicious intent KNOW there's a security hole in hundreds (thousands?) of Lenovo computers, and they KNOW how to exploit it (especially now that the password is public).  This story is all across technology news sites.  But the average guy using a Lenovo laptop isn't going to notice, or know how to fix it, or think they need to.  A lot of people are about to get screwed.

Former Administrator
Posts: 8,592
Location: US
Views: 6,412
Message 58 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

 

All,

 

Thanks for the continued feedback on this topic.  Lenovo has already taken action and has additional information in this article outlining what has already been done and steps customers can take to remove the application.

 

We will update this as additional information becomes available.

 

Best regards,

 

Mark

 

 

cenc
Paper Tape
Posts: 11
Location: CHILE
Views: 6,360
Message 59 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

Lenova, I own two laptops from you. the last two.

 

The password for the fake root ssl certificates for anyone to conduct a man in the middle attack on a lenova laptop is already in the wild.

 

Did that get your attention?

 

This not just some bloatware helpful software. This is an outright zero day high level, backdoor,  security vulnerability (well not zero, because you knew about it and refuse to fix it).

 

Lenova, you owe me at the least two CLEAN stock, window os's. No bloat ware. No spy ware. No viruses or fake SSL certificates. Two clean stock copies of microsoft windows to reinstall on my computers. The other damages, are yet to be determined.

 

I want clean stock bioses also. no hardware blacklisted bioses that block me from upgrading my hardware.

 

the key logger issues I am watch closely.

 

Until I recieve those, I will be googling (using linux) for the class action law suit to join in the united states. I am also looking in to filing a criminal compaint in another country. Because this is a criminal act in the country I purchased at least one of the laptops. Your license agreement does not protect you in that country. 

 

 

Moderator comment: A link was removed to help this post conform with the Community Rules.

"No posts shall include instructions or directions intended to subvert security measures, including passwords, locking mechanisms, fingerprint scans, etc, or to subvert safety measures. Nor shall any posts provide descriptions to the location of, nor direct links to content related to these topics."

redgrenadine
Blue Screen Again
Posts: 19
Location: NYC
Views: 6,311
Message 60 of 159

Re: Lenovo Pre-instaling adware/spam - Superfish - powerd by VisualSearch

It's like the management at Lenovo thought about the quickest possible way to completely and utterly destroy consumer trust and loyalty in their brand and decided to go ahead and do that in exchange for a little bit of $

 

Par for the course for the company that ruined the Thinkpad brand

 

I will enjoy watching the heads roll and the inevitable

 

What  were you guys thinking

 

 

Moderator note: Comment removed which did not comply with the Forum Rules

 

Top Kudoed Authors