Lenovo PCs are being shipped to the US from China with the man-in-the-middle adware that breaks https connections. Superfish is the adware installed in these machines that can intercept the traffic of every website visit of a user. So, when the user visits a secure site (https), the site certificate is controlled by Superfish and represents itself as the authentic website certificate.
“Surprisingly, the behavior largely escaped the notice of security and privacy advocates, until now. On February 18th evening, following several lengthy Twitter discussions about the overlooked behavior, security researcher Chris Palmer bought a Lenovo Yoga 2 Pro for $600 at a San Francisco Bay Area Best Buy store. He quickly confirmed that the model was pre-installed with the Superfish software and self-signed key.”
Read more about this here.
Omega is a Managed Security Services Provider. Call us for your data security and PCI compliance needs. Phone 636-557-7777 or email pci@www.omegasecure.com.
