| | | Superfish adware frenzy over Lenovo 'betrayal of trust'
Hackers can exploit Lenovo weakness to intercept apparently secure communications
By Matt Kwong, CBC News Posted: Feb 24, 2015 5:00 AM ET| Last Updated: Feb 24, 2015 5:00 AM ET
[...]
How common are these MITM vulnerabilities?
If there's any positive outcome from the Superfish fallout, it's that the revelations have led to greater awareness of these types of vulnerabilities, said Westin, the threat intelligence expert with Tripwire.
'I'd rather pay $20 more for a laptop that's private and secure than have to deal with this.'
— Ken Westin, Tripwire
"Researchers are finding these techniques are used by a lot of other companies," he said. "This thing with Lenovo is just the first shoe to drop."
Siegrist said that while "seven or eight" Superfish-style codes have recently been identified, Superfish is catching the most flak because it was pre-installed and distributed so broadly on Lenovo products.
Lenovo is also not the only PC manufacturer to pre-install software on new computers, however.
Keenan said that bundling in such "annoyware" often brings down costs of new computers, as software makers might pay the vendors for the privilege of being preloaded.
For his part, Westin wants to see the practice to stop.
"I'd rather pay $20 more for a laptop that's private and secure than have to deal with this," he said.
[...]
cbc.ca |
|
