f***y
发帖数: 4447 | 1 http://en.wikipedia.org/wiki/Superfish
Lenovo security incident[edit]
Users had expressed concerns about scans of SSL-encrypted web traffic by
Superfish Visual Search software that was pre-installed on Lenovo machines
since at least early December 2014.[18] However, this became a major public
issue only in February 2015. The installation included a universal self-
signed certificate authority; the certificate authority allows a man-in-the-
middle attack to introduce ads even on encrypted pages. The certificate
authority had the same private key across laptops; this allows third-party
eavesdroppers to intercept HTTPS secure communications without triggering
browser warnings if they extracted the key.[7][4] On February 20, 2015,
Microsoft released an update for Windows Defender which removes Superfish.[5
] In an article in Salon tech writer David Auerbach compares the incident to
the Sony DRM rootkit scandal and said of Lenovo's actions, "installing
Superfish is one of the most irresponsible mistakes an established tech
company has ever made."[19]
Criticisms of Superfish software predated the "Lenovo incident" and were not
limited to the Lenovo user community: as early as 2010, Apple, Mozilla
Firefox, and Microsoft Windows users had expressed concerns in online
support and discussion forums that Superfish software had been installed on
their computers without their knowledge, by being bundled with other
software.[11] | f***y
发帖数: 4447 | | k**o
发帖数: 15334 | 3 还是联想自己的问题,别人的code不审查就放到自己机器上卖给用户,活该。 |
|
