A Superfishy legal judgement

Subject: General Tech | September 5, 2017 - 02:47 PM |
Tagged: superfish, Lenovo

Lenovo's executives just breathed a sigh of relief as the final judgment in the case against them for the Superfish fiasco was released.  The court decided that as this was Lenovo's first offense they would not be fined, instead they have only been asked to follow procedures that most would assume they already had to.  Superfish was a generic root certificate that was pre-installed on many Lenovo machines which allowed the injection of ads into even HTTPS websites, which also meant it could be used to infect your machine via malware laden ads taking advantage of the easily replicated root certificate. 

According to Slashdot all Lenovo have been order to do is conduct security audits for the next two decades and to notify users of the existence of pre-installed software that collects data or serves ads and to let a user choose not to install those programs

View Full Size

"Instead, the settlement requires Lenovo to give clear notice to customers of any data collection or ad-serving programs bundled on their laptops, and get affirmative consent before the software is installed. Lenovo also agreed to conduct an ongoing security review of its bundled software, running regular third-party audits for the next 20 years."

Here is some more Tech News from around the web:

Tech Talk

 

Source: Slashdot

No comments posted yet.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.