ComSoc Community



Users helping users!

 
In Memory of Jacques "Jack" Berlin
General Meeting Aug 27, 2019 Amherst Audubon Library   

LENOVA Superfish Bug
Read 4031 times
* February 19, 2015, 12:38:46 pm
It was recently discovered that LENOVA Laptop/Notebooks sold between September 2014 and January 2015, contain the Superfish bug. Superfish is a form of malicious adware that exposes Lenovo users to man-in-the-middle attacks, similar to those opened up by Heartbleed. Armed with a hacked password and the right software, a coffee shop owner could potentially spy on any Lenovo user on her network, collecting any other login passwords entered during the session. In theory the evil barista could also insert malware into the data stream at will, disguised as a software update or a trusted site. Internet Explorer and Chrome could be affected by this, while Firefox is currently safe thanks to its independent certificate repository. The following affected models have now been identified :

E-Series:
 E10-30

Flex-Series:
 Flex2 14, Flex2 15, Flex2 14D, Flex2 15D, Flex2 Pro, Flex 10

G-Series:
 G410, G510, G710, G40-30, G40-45, G40-70, G40-80, G50-50, G50-45, G50-70, G50-80, G50-80Touch

Lenovo Edge 15

Miix-Series:
 Miix2 8, Miix2 10, Miix2 11, Miix 3 1030

S-Series:
 S310, S410, S415, S415 Touch, S435, S20-30, S20-30 Touch, S40-70

U-Series:
 U330P, U430P, U330 Touch, U430 Touch, U540 Touch

Y-Series:
 Y430P, Y40-70, Y40-80, Y50-70, Y70-70

Yoga-Series:
 Yoga2-11, Yoga2-13, Yoga2Pro-13, Yoga3 Pro

Z-Series:
 Z40-70, Z40-75, Z50-70, Z50-75, Z70-80



How to get rid of Superfish: https://nakedsecurity.sophos.com/2015/02/20/how-to-get-rid-of-the-lenovo-superfish-adware

More on a Superfish Fix:   http://www.forbes.com/sites/thomasbrewster/2015/02/19/superfish-need-to-know/

Testing for Superfish:  http://www.neowin.net/news/from-the-forums-test-your-machine-for-superfish-style-ssl-interceptions


See these links for more details on Superfish;

http://www.personalinjuryattorneyssouthflorida.com/investigation/lenova-superfish-investigation/

http://www.theverge.com/2015/2/19/8069127/superfish-password-certificate-cracked-lenovo

https://nakedsecurity.sophos.com/2015/02/20/the-lenovo-superfish-controversy-what-you-need-to-know

http://www.neowin.net/news/lenovo-pre-installs-adware-on-its-systems-which-could-also-steal-your-private-data

http://www.forbes.com/sites/thomasbrewster/2015/02/19/superfish-history-of-malware-and-surveillance/

http://www.bbc.com/news/technology-31533028
« Last Edit: March 06, 2015, 09:37:54 am by Mr.Victor »

Logged