A Superfishy legal judgement
Subject: General Tech | September 5, 2017 - 02:47 PM | Jeremy Hellstrom
Tagged: superfish, Lenovo
Lenovo's executives just breathed a sigh of relief as the final judgment in the case against them for the Superfish fiasco was released. The court decided that as this was Lenovo's first offense they would not be fined, instead they have only been asked to follow procedures that most would assume they already had to. Superfish was a generic root certificate that was pre-installed on many Lenovo machines which allowed the injection of ads into even HTTPS websites, which also meant it could be used to infect your machine via malware laden ads taking advantage of the easily replicated root certificate.
According to Slashdot all Lenovo have been order to do is conduct security audits for the next two decades and to notify users of the existence of pre-installed software that collects data or serves ads and to let a user choose not to install those programs
"Instead, the settlement requires Lenovo to give clear notice to customers of any data collection or ad-serving programs bundled on their laptops, and get affirmative consent before the software is installed. Lenovo also agreed to conduct an ongoing security review of its bundled software, running regular third-party audits for the next 20 years."
Here is some more Tech News from around the web:
- We experienced Windows Mixed Reality. Results: Well, mixed @ The Register
- Asterisk RTP bug worse than first thought: Think intercepted streams @ The Register
- Arozzi Vernazza World Of Tanks Edition Gaming Chair Review @ NikKTech
- Top 5 Worst CPUs @ Techspot