We recently learned that PC manufacturer Lenovo is selling computers preinstalled with a harmful piece of software, known as Superfish, that uses a man-in-the-middle attack to break Windows’ encrypted Web connections for the sake of advertising. (Here’s a list of affected products.) Analysis from EFF’s Decentralized SSL Observatory has seen many thousands of Superfish certificates which have all been signed with the same root certificates, showing that HTTPS security for at least Chrome, Internet Explorer, and Safari for Windows, on all of those Lenovo laptops, is now broken. Firefox users also have the problem, because Superfish additionally inserts its certificate into the Firefox root store.
This can be a severe security problem. For example, shortly after this news became widespread, security researcher Robert Graham was able to extract the certificate from the Superfish adware and quickly cracked the password. With this password, a malicious attacker would be able to intercept encrypted communications on the same network (like at a cafe Wi-Fi hotspot).
To find out if this issue affects you, go to Filippo Valsorda’s Superfish CA test page in Chrome or Internet Explorer first. If you see a “YES,” follow these directions (courtesy of Valsorda and from Lenovo’s instructions) for removal:
Step I: Uninstall the Superfish software
- Open the Windows Start menu or Start screen and search for Uninstall a program. Launch it.
- Right-click Superfish Inc VisualDiscovery and select Uninstall. When prompted, enter your administrator password.
Step II: Remove the certificate from Windows
- Open the Windows Start menu or Start screen and search for certmgr.msc. Right-click it and select Launch as Administrator.
- Click on Trusted Root Certification Authorities and open Certificates.
- Scroll down or use find to get to the Superfish, Inc. certificate.
- Right-click on it and select Delete. If you do not see the option to delete it, you might not be running as an administrator (see step 1).
Step III: Eliminate the certificate from Firefox
This may or may not be needed, but check to be sure.
- Go to Options/Preferences.
- Click on Advanced, then Certificates.
- Click View Certificates.
- Look for Superfish. If it is there, click on it and then click Delete or Distrust.
Step IV: Restart your browser
Close or quit your Web browser fully. You can also restart your computer.
Step V: Check again
Load the test page again from both Chrome/IE and Firefox and make sure you get a NO this time.
Note: The test may still be stuck on the old result. If you still get a YES after you follow the steps to remove Superfish, go to canibesuperphished.com. If your web browser warns you before you are able to enter the site, Superfish has been successfully removed.
Congratulations, you fixed your new laptop! It is probably a good idea to change important passwords now. (It is always a good idea anyway.)
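
A read-only audit of what Steps I and II look for, as an added example that is not part of the original article. It assumes the certificate's subject or issuer contains "Superfish" and that the uninstall entry's display name contains "Superfish" or "VisualDiscovery", as the names in the steps suggest.

```powershell
# Added example: read-only check for the Superfish root certificate and software.
# The match strings are assumptions taken from the names used in the steps above.
function Find-SuperfishCertificate {
    # Trusted Root stores for the machine and for the current user.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -match 'Superfish' -or $_.Issuer -match 'Superfish' } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

function Find-SuperfishInstall {
    # Uninstall entries for 64-bit and 32-bit programs.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Superfish|VisualDiscovery' } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

$certs    = @(Find-SuperfishCertificate)
$installs = @(Find-SuperfishInstall)

if ($certs.Count -eq 0 -and $installs.Count -eq 0) {
    Write-Output 'No Superfish certificate or uninstall entry found.'
} else {
    # Nothing is deleted here; removal is still done by hand as in Steps I and II.
    $installs | Format-Table -AutoSize | Out-String | Write-Output
    $certs    | Format-List | Out-String | Write-Output
    Write-Output 'Superfish traces found: follow Steps I and II above.'
}
```

Firefox keeps its own certificate store, so this check does not replace Step III; look in the browser as described there.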