Superfish

According to a number of Lenovo users, their computers are coming installed with adware straight out of the box. This adware is called Superfish and it can spy on your secure transactions. This is done by installing its own self-signed certificate authority, which allows it to monitor secure connections.

One particularly bad thing about this vulnerability is that Superfish uses the same private key for its root certificate on every machine it’s installed on. If someone were to crack this they could inject malicious code into the machine.

This key was cracked by Rob Graham of Errata Security. Lenovo has since stopped putting this software on its computers. However, if you bought your Lenovo computer when they had the Superfish software on it you are still vulnerable. So you should get that checked.

http://gizmodo.com/lenovo-installs-adware-on-new-computers-that-could-stea-1686721226

Advertisements