Lenovo Laptops with hacked CA certificate

wlanboy

Content Contributer
Lenovo once again added some not-so-good software (called VisualDiscovery Superfish application) to their preinstall list for laptops.

They added a removal guide: http://forums.lenovo.com/t5/Lenovo-P-Y-and-Z-series/Removal-Instructions-for-VisualDiscovery-Superfish-application/ta-p/2029206

Please check if you have the hacked root CA installed on your Lenovo laptops: https://filippo.io/Badfish/

This is the perfect SSL disaster that man-in-the-middle attackers need: a publicly available root CA certificate with a known password.

If you want to read some background information, read the following blog post: http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html
 

wlanboy

Content Contributer
Just remember that Lenovo claimed that "they didn't know about this" and is trying to escape from as much responsibility as possible. 
Yup, they chose to take the money to preinstall that ad-aware-money-making super app on their laptops.
 

Hxxx

Active Member
Yup, I was reading about this yesterday. It's hard to believe that Lenovo, whose parent company is IBM, decided to go through this path.

It's always good to wipe clean any equipment you buy that comes with a preinstalled OS. I'm sure this is not the first time such a thing has happened with preloaded computers.
 

mojeda

New Member
> Yup, I was reading about this yesterday. It's hard to believe that Lenovo, whose parent company is IBM, decided to go through this path.
>
> It's always good to wipe clean any equipment you buy that comes with a preinstalled OS. I'm sure this is not the first time such a thing has happened with preloaded computers.

IBM does not own Lenovo; IBM sold their personal computer division to Lenovo.
 

GIANT_CRAB

New Member
There's a major difference between Lenovo and IBM. 

When IBM sold their PC division to Lenovo, a lot of Chinese workers who were working at the production factories protested against IBM's move, as they knew that it would mean less pay and more work for them. It goes to show that a lot of Chinese factory workers there dislike Lenovo's work environment and the ethics of the company.
 

drmike

100% Tier-1 Gogent
I read about this.

Add it to my list of why I don't use store bought / factory install OS + malware.
 