There are lot of efforts in the tech industry to fight against the rising cyber threats these days. Recently Facebook launched a social platform for the security experts, the ThreatExchange. This project intends to bring together all the security personnel from all around the world and work collaboratively against such malicious content. And recently Lenovo has been in news for its ‘Superfish’ software which was pre-installed in some of its laptops. This program makes the users vulnerable to cyber attacks. And recently after a lot of attention grabbed by other such events like the cyber attacks on Sony, this instance has been entertained with topmost priority. Superfish is present on Lenovo laptops sold between September 2014 and January 2015.
The US government on Friday (20th February) advised Lenovo Group Ltd. to work on this mishap. The Department of Homeland Security said in an alert that the program generates vulnerability to a type of attack called SSL spoofing. This will enable hackers to read encrypted web traffic, redirect traffic from official websites to spoofs and other attacks. Lenovo apologized late on Friday in a statement for causing these concerns among its users and said that it was exploring every action to address the issues around Superfish.
And the latest to “Superfish” issue is Lenovo releasing a tool to help users remove the malware content. In one of their latest posts, Lenovo provided details on manual instructions and automated tool. It also specified that its teams are working along with McAfee and Microsoft to have the Superfish software quarantined or removed using their tools. This tool allows users to automatically uninstall the application and delete the certificate from browsers, which previously had to be done manually. A researcher Filippo Valsorda has created a test to check if your computer is infected or not.
The gravity of Superfish issue shifted gears when researchers found and published a password that would allow to unlock the certificate authority and bypass the computer’s web encryption. With this password and the appropriate software tools, a person on the same Wi-Fi network could potentially spy on the one with the bug, or insert malware into the data stream. With such issues taking highest priority, one thing comes clear that companies are devoting their complete dedication to resolve any such issues, which comes as a celebratory note to the users.
