In a move that defines the term “monumental stupidity”, Lenovo has been delivering laptops with pre-installed adware that totally exposes their customers' data since last fall.

Built into Lenovo’s version of Windows is a piece of adware called “Superfish”. This software intercepts advertising being delivered from pages you visit and replaces it with its own advertising. Pretty scummy, but that’s just the aggravating part of it. The real problem is that a single self-signed root HTTPS certificate is used. Think about this for a minute.

When you use that new Lenovo with Superfish installed, a single password to a single root HTTPS authority exposes everything that would normally be encrypted: passwords, credit card numbers, etc. And that password has now been published online.

What to do? Well, the only real way to clear the problem is to completely wipe the hard disk of your Lenovo. Then reinstall Windows (NOT THE LENOVO VERSION). And then, change every password for everything.

Need help with that?  Just give OPENRSM a call or email…




(Sources: Ars Technica, Gizmodo, Slashdot, Errata Security)