This story just keeps getting worse for Lenovo. After getting called out for inserting additional ads into user's browsing experience and claiming to have disabled and stopped installing the offending software, Lenovo's "Superfish" adware has seen its certificate cracked by security researchers. The worst part is, it evidently was easy to break the app's security. The end result is that affect Lenovo computer users — and there are potentially hundreds of thousands of them — could see their computers needlessly exposed to attack.
Per computer security researcher Rob Graham:
"I extracted the certificate from the SuperFish adware and cracked the password ("komodia") that encrypted it. […] The consequence is that I can intercept the encrypted communications of SuperFish's victims (people with Lenovo laptops) while hanging out near them at a cafe wifi hotspot."
The worst part is that the certificate was cracked using a run-of-the-mill dictionary attack, running through words in the dictionary until access was granted. And so, within 10 seconds, Graham was in and able to run "man-in-the-middle" traffic interception attacks on any affected Lenovo user with Superfish installed.
What's frightening about this sort of attack is that it offers access to your outgoing and incoming data. The attacker can simply record it, or can actually intercept and change what you're downloading or uploading, all without your knowledge.
These are the best 27-inch monitors money can buy
A 27-inch monitor is just about the perfect size without having to sit too far away or whip your head back and forth to follow things across the screen. If you’re in the market for a new monitor, check out our top picks.
Add or upgrade the RAM in your MSI GE66 Raider with this guide
Have an MSI GE66 Raider without enough memory for your needs? Our guide walks you through what's needed to upgrade the RAM in your laptop.
Review: Razer's Hammerhead True Wireless Pro deliver THX and ANC for gamers
If you're looking for really good wireless earbuds and also happen to like mobile gaming, the new Razer Hammerhead True Wireless Pro is what you need. Featuring THX audio, ANC, low-latency streaming, and excellent comfort, there's a lot to like. Here's what we think of them after a week of using them with iOS and Android.
We pit the HP ENVY x360 15 against the Lenovo Yoga C740 15
Both the Lenovo Yoga C740 and the HP ENVY x360 15 are great convertible devices, but which one should you actually buy? Here are our thoughts.