superfish malware

[Swamppifi]

Hi all

I have just read this article...wtf......

if this is true, what are things coming to.

itis about how malware called superfish is being shipped in new lenovo computers as a master root certificate to bypass SSL

The article is at http://marcrogers.org/2015/02/19/lenovo-installs-adware-on-customer-laptops-and-compromises-all-ssl/

I have only just swapped out my companies Lenovo just two weeks ago.

this is alarming

[Rkiver]

It is true, it was announced last week, early last week, and the reaction was quite severe.

Lenovo tried to do PR spin on it, and failed. Microsoft of all people have a fix in their Windows Defender that takes care of most of it. Lenovo's own announcement tells you which ones it says are affected, but a quick google will tell you how to check and be sure.

[digip]

If you're like most of us who wipe a machine and remove crapware when you buy it, or, moved from windows to linux upon purchase, you would be fine in most cases, but yeah, superfish software is an issue for lenovo users, but so are a slew of other apps most people take for granted, such as default weather sidebars/apps, games, drivers, and other things pre-installed across most computers, not just lenovo devices.

[Swamppifi]

what concerns me, is the fact that we went from Dell,4 years ago to Lenovo, the entire corporate system is Lenovo, as of the beginning of the year, we are going back to dell when equipment leases expire.

i am lucky that I just replaced my laptop after I had the graphic card fail, I work in a design office with cad systems, and we have a high failure rate with laptops built in graphics cards dying from the software heavy usage.

I think I will let our IT guy know about this issue tomorrow.

I wonder if this is exploitable....