Hi Folks,
last week we posted two articles related to the Superfish Adware which came pre-installed with some Lenovo devices produced in the last Quarter of 2014. Superfish contains strong security concerns regarding the used SSL interception technology coming from an other Company calling Komodia.
It seams that this will now run into a or better several (i know already about two) class action lawsuit in the US against Lenovo, read also the article at PCWorld. I hope this will be a warning for other Hardware vendors pre-installing software without any sense or effective use for the user and without any real security verification.
Lenovo has already published a uninstall tool (Read also here), also some Virus remove tools like Avast or Microsoft Defender will remove it (or try to do it). In any way you should verify the local Computer Certificate Store to be sure… Also Lenovo released an open letter here.
There is also other Software available which uses the Komodia SSL interception technology incl. a Trojan, there is a really good article available at Facebook by Matt Richard(Facebook Securtiy Team) here and i recommend to read it if you have to do or are intrested with/in IT Security.
If you want to perform a check to verfiy that you’ve not any SSL interception software installed try out this site: Badfish check
You’re using Firefox and Chrome/Internet Explorer? Don’t forget to open the Website above with Firefox and also Chrome/Internet Explorer.
Cheers
Michael