Lenovo Pre-installed malware (opens in new tab)

(myce.com)

29 pointsmeandave11y ago3 comments

3 comments

3 comments · 2 top-level

Mithaldu11y ago· 1 in thread

Forum link where Lenovo employees confirm the issue:

https://forums.lenovo.com/t5/Security-Malware/Potentially-Un...

And here's the money quote about the malware:

"Superfish Inc aka VisualDiscovery aka Similarproducts application will hijack ALL your secure webconnections (SSL/TLS) by using self signed root certificate authority, making it look legitimate to the browser"

0x011y ago

That's pretty amazing. Does their SSL MITM proxy even validate the certs they are rewriting, or are all these Lenovos completely open to MITM? (And the certs are marked "all purposes", does that include native and java code signing too?)

0x011y ago

Why would Microsoft even allow Lenovo to license OEM Windows if they treat customers to an Out-Of-The-Box experience like this? No wonder macs are popping up everywhere I go...

j / k navigate · click thread line to collapse