Superfish

from Wikipedia

Superfish was an advertising company that developed various advertising-supported software products based on a visual search engine. The company was based in Palo Alto, California.[1] It was founded in Israel in 2006[2] and has been regarded as part of the country's "Download Valley" cluster of adware companies.[3] Superfish's software is malware and adware.[4][5][6][7][8] The software was bundled with various applications as early as 2010, and Lenovo began to bundle the software with some of its computers in September 2014.[4] On February 20, 2015, the United States Department of Homeland Security advised uninstalling it and its associated root certificate, because they make computers vulnerable to serious cyberattacks, including interception of passwords and sensitive data being transmitted through browsers.[4][9]

History

Superfish was founded in 2006 by Adi Pinhas and Michael Chertok.[2][10] Pinhas is a graduate of Tel Aviv University.[11] In 1999, he co-founded Vigilant Technology, which "invented digital video recording for the surveillance market", according to his LinkedIn profile.[better source needed] Before that, he worked at Verint, an intelligence company that analyzed telephone signals and had allegedly tapped Verizon communication lines.[12] Chertok is a graduate of Technion and Bar-Ilan University with 10 years of experience in "large scale real-time data mining systems".[13]

Since its founding, Superfish has used a team of "a dozen or so PhDs" primarily to develop algorithms for the comparison and matching of images. It released its first product, WindowShopper, in 2011.[14] WindowShopper immediately prompted a large number of complaints on Internet message boards, from users who did not know how the software had been installed on their machines.[12]

Superfish initially received funding from Draper Fisher Jurvetson, and to date has raised over $20 million, mostly from DFJ and Vintage Investment Partners.[15] Forbes listed the company as number 64 on their list of America's most promising companies.[16]

Pinhas in 2014 stated that "Visual search is not here to replace the keyboard ... visual search is for the cases in which I have no words to describe what I see."[17]

As of 2014, Superfish products had over 80 million users.[18]

In May 2015, following the Lenovo security incident (see below) and to distance itself from the fallout, the team behind Superfish changed its name and moved its activities to JustVisual.com.[19]

Lenovo security incident

Users had expressed concerns about scans of SSL-encrypted web traffic by the Superfish Visual Search software pre-installed on Lenovo machines since at least early December 2014.[citation needed] It became a major public issue, however, only in February 2015. The installation included a universal self-signed digital certificate issued by a certificate authority installed with the software; that certificate authority allows a man-in-the-middle attack to introduce ads even on encrypted pages. The digital certificate used the same private key on every laptop, so a third-party eavesdropper could intercept or modify HTTPS communications without triggering browser warnings, either by extracting the private key or by using a self-signed certificate.[5][8][20] On February 20, 2015, Microsoft released an update for Windows Defender that removes Superfish.[6] In an article in Slate, tech writer David Auerbach compared the incident to the Sony DRM rootkit scandal and said of Lenovo's actions, "installing Superfish is one of the most irresponsible mistakes an established tech company has ever made."[21] On February 24, 2015, Heise Security published an article revealing that the certificate in question was also being spread by a number of applications from other companies, including SAY Media and Lavasoft's Ad-Aware Web Companion.[22]

Criticisms of Superfish software predated the "Lenovo incident" and were not limited to the Lenovo user community: as early as 2010, users of computers from other manufacturers had expressed concerns in online support and discussion forums that Superfish software had been installed on their computers without their knowledge, by being bundled with other software.[12]

CEO Pinhas, in a statement prompted by the Lenovo disclosures, maintained that the security flaw introduced by Superfish software was not directly attributable to its own code; rather, "it appears [a] third-party add-on introduced a potential vulnerability that we did not know about" into the product. He identified the source of the problem as code authored by the tech company Komodia, which deals with, among other things, website security certificates.[23] Komodia was founded by Barak Weichselbaum, a former programmer for Israel's IDF Intelligence Corps.[24] Komodia code is also present in other applications, among them parental-control software, and experts have said "the Komodia tool could imperil any company or program using the same code" as that found within Superfish.[25] In fact, Komodia itself refers to its HTTPS-decrypting and interception software as an "SSL hijacker", and has been doing so since at least January 2011.[26] Its use by more than 100 corporate clients may jeopardize "the sensitive data of not just Lenovo customers but also a much larger base of PC users".[27] Komodia was closed in 2018.[28]

Products

Superfish's first product, WindowShopper, was developed as a browser add-on for desktop and mobile devices, directing users who hover over browser images to shopping Web sites to purchase similar products. As of 2014, WindowShopper had approximately 100 million monthly users, and according to Xconomy, "a high conversion to sale rate for soft goods". Superfish's business model is based on receiving affiliate fees on each sale.[15]

The core technology, Superfish VisualDiscovery, is installed as a man-in-the-middle proxy on some Lenovo laptops. It injects advertising into results from Internet search engines; it also intercepts encrypted (SSL/TLS) connections.[7][29]

In 2014, Superfish released new apps based on its image search technology.

from Grokipedia
Superfish was an adware program developed by Superfish, Inc., pre-installed on certain Lenovo consumer laptops starting in September 2014, designed to intercept users' web traffic—including encrypted HTTPS connections—to deliver targeted pop-up advertisements based on viewed content.[1][2] The software functioned by installing a non-unique, self-signed root certificate authority (CA) into the system's trusted store, enabling it to decrypt, inspect, and re-encrypt web traffic without triggering browser security warnings, which facilitated ad insertion but introduced severe vulnerabilities.[1] This certificate, protected by a weak, recoverable private key shared across all affected devices, allowed malicious actors to perform man-in-the-middle (MITM) attacks, spoofing secure sites for activities like online banking or email to steal credentials and sensitive data undetected.[1][2] Discovered and publicized by security researchers in early 2015, Superfish sparked widespread outrage for undermining user trust in HTTPS encryption and violating privacy without consent, leading to complaints from affected owners as early as late 2014.[2] Lenovo responded by discontinuing the pre-installation of Superfish on new devices, releasing an official removal tool, and providing guidance to delete the rogue certificate from systems.[1][2] The scandal culminated in legal repercussions, including a $3.5 million settlement with 32 U.S. states in 2017 over allegations of deceptive practices in software installation, requiring Lenovo to obtain consumer consent for future pre-installed programs and implement a 20-year compliance monitoring program.[2] Superfish, Inc., the Israeli-based company behind the technology, ceased operations in May 2015 amid the backlash, with its founder pivoting to a new venture called JustVisual.[2] The incident highlighted broader risks of manufacturer-preloaded bloatware and prompted updates to antivirus software to detect and mitigate similar threats.[3]

Overview

Definition and Purpose

Superfish is adware software developed by Superfish Inc., a Palo Alto-based company specializing in visual search technology, designed to inject context-based advertisements into users' web browsing sessions.[4] The software analyzes images displayed on webpages to identify products and opportunities for targeted promotions.[5] Its primary purpose is to enable a visual search feature that enhances online shopping by allowing users to hover over images and receive relevant recommendations and advertisements for similar items.[5] This functionality aims to transform passive browsing into interactive e-commerce experiences, particularly for consumers using personal laptops.[6] Superfish utilizes underlying interception technology provided by Komodia Technologies to facilitate the real-time insertion of these ads without disrupting the user's session.[7] The business model centers on revenue generation through affiliate commissions earned from retailers and e-commerce partners whenever users are directed to purchase recommended products.[6] This approach benefits Superfish and its original equipment manufacturer (OEM) collaborators by monetizing enhanced user engagement. Superfish was notably pre-installed on certain Lenovo consumer laptops to promote these e-commerce features.[1]

Development Background

Superfish was founded in 2006 in Israel by Adi Pinhas, a former Intel engineer with experience in surveillance technology, and Michael Chertok, both veterans of the video surveillance industry from their previous startup, Vigilant Technology.[4][8] The company initially focused on developing visual search and advertising software, aiming to enable users to discover products through image-based queries rather than text searches. Headquartered initially in Israel as part of the "Download Valley" adware cluster, Superfish later relocated its main operations to Palo Alto, California, to access Silicon Valley funding and markets.[9][10] The core development team, led by Pinhas as CEO and Chertok as CTO, specialized in browser extension technologies for ad delivery and visual recognition.

Superfish raised over $20 million in funding by 2013, including a $10 million Series D round from investors like Draper Fisher Jurvetson and Vintage Investment Partners, which supported the expansion of its "Window Shopper" product—a tool for overlaying product recommendations on web pages. Early iterations of the software, bundled with third-party applications as far back as 2010, emphasized non-intrusive ad overlays to enhance shopping experiences without disrupting user navigation.[11][12]

Distribution partnerships grew through bundling agreements with software providers, such as integrations with Oracle Java downloads and the Awesome Screenshot Chrome extension around 2010–2012, allowing Superfish to reach users via popular freeware. A significant pre-installation deal was struck in June 2014 with OEM Lenovo, under a profit-sharing arrangement, leading to the software's inclusion on consumer notebook models like the IdeaPad and Yoga series starting in September 2014. These deals positioned Superfish as a revenue-sharing tool for hardware manufacturers seeking to monetize preloaded applications.[11][13][14]

Technical Functionality

Ad Injection Process

Superfish activates as a persistent system service on Windows-based Lenovo laptops, configuring a local proxy through the Windows Filtering Platform to intercept network traffic across multiple browsers, including Chrome and Firefox. This setup redirects all HTTP and HTTPS requests to the proxy without needing individual browser extensions, ensuring comprehensive coverage of web activity upon user acceptance of the software's terms.[15][16]

The proxy then scans intercepted page content for ad insertion opportunities, analyzing elements such as images and text to determine contextual relevance for sponsored promotions. Superfish's VisualDiscovery feature, for example, uses image recognition algorithms to identify products on webpages like search results or retail sites, evaluating them for potential matches with affiliate offerings. Based on this analysis, the software generates targeted queries to external servers, such as those hosted by Superfish, via asynchronous XMLHttpRequest calls to retrieve suitable ad assets without significantly delaying page rendering.[17][16]

Ad content received from these servers is injected by dynamically modifying the page's HTML structure, CSS styles, and JavaScript execution to overlay sponsored elements seamlessly into the Document Object Model. This process appends components like recommendation bars, inline links, or fly-in banners—such as visual overlays on Google searches or product suggestions on e-commerce pages—while employing JavaScript callbacks to connect with affiliate networks for tracking and revenue generation. These alterations prioritize relevance to the original content, supporting the tool's aim of visual product discovery through integrated advertising.[16][17]

Certificate Management

Superfish employs a self-signed root certificate authority (CA) to enable its ad injection capabilities on encrypted web traffic. Upon activation on a compatible system, the software installs a pre-generated self-signed root certificate directly into the Windows trusted root certificate store, granting it the same level of trust as certificates issued by established public CAs. Superfish utilizes the Komodia SSL Digestor framework for managing certificate installation and traffic interception.[18][19][15] This installation occurs automatically as part of the Superfish application's setup process, typically during the initial boot or software initialization on pre-installed Lenovo devices.[20]

To facilitate traffic interception, Superfish directly uses the installed root CA to sign dynamically generated certificates that impersonate those of legitimate websites during rerouted HTTPS connections.[15] The process involves a local proxy server that leverages the Windows Filtering Platform (WFP) to redirect traffic, enabling the creation of on-the-fly signed certificates for each session.[15] This ensures seamless integration without triggering browser warnings, as the root's trusted status validates the forged certificates.

The primary purpose of this certificate management is to decrypt HTTPS traffic for content analysis and ad insertion, followed by re-encryption of the modified data. By terminating the original TLS session and establishing a new one with the generated certificate, Superfish can scan page content to identify opportunities for injecting targeted advertisements, such as product recommendations, before forwarding the altered response to the user's browser.[19][18] This setup supports the overall ad injection workflow by handling secure connections transparently.

Superfish's certificate system is designed specifically for Windows operating systems, integrating with the system's certificate stores to affect browsers that rely on them, including Internet Explorer and Microsoft Edge. It does not extend to other platforms or browsers with independent trust management, such as those on macOS or mobile devices.[20][15]

Security Vulnerabilities

Man-in-the-Middle Exploitation

The Superfish adware's design flaw centered on its use of a self-signed root certificate, whose private key was embedded directly within the software's installation files, rendering it publicly accessible and extractable with minimal effort. This exposure meant that any individual or attacker obtaining the software binary could retrieve the private key, enabling them to generate forged certificates signed by the Superfish root for arbitrary websites. As a result, affected systems trusted these forged certificates as legitimate, bypassing standard public key infrastructure (PKI) safeguards.[21][1][22]

This vulnerability facilitated man-in-the-middle (MITM) attacks, where malware infecting the device or remote exploits targeting the system could leverage the exposed private key to intercept HTTPS traffic. Attackers could decrypt, inspect, modify, or redirect encrypted sessions—such as those to banking sites or email services—without the browser issuing any security warnings, as the forged certificates appeared valid to the compromised root trust store. The attack vector was particularly insidious because Superfish's certificate installation process automatically added the root to the system's trusted store during software setup.[1][19][23]

In early 2015, security researchers demonstrated the exploit's severity through tools like Badfish, developed by Filippo Valsorda, which scanned for Superfish's presence and illustrated its potential for complete session hijacking by simulating intercepted secure connections. These demonstrations highlighted how attackers could trivially spoof any HTTPS endpoint, underscoring the software's role in undermining TLS protections.[24][25]

The scope of this MITM risk extended to all Lenovo consumer laptops pre-installed with Superfish from late 2014 onward, persisting until users manually removed both the software and its root certificate, as the self-signed nature precluded any centralized revocation or invalidation mechanism. Without such removal, systems remained perpetually vulnerable to key-based forgery by anyone possessing the publicly available private key.[1][26][27]
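The check implied by the Certificate Management section and by the removal advice above, written as an added Python example (not Superfish's, Komodia's or Lenovo's code): it walks DER certificates with a minimal ASN.1 reader, flags self-signed roots whose subject matches "Superfish" or "Komodia" (the pattern is an assumption), and on Windows reads the trusted root store through `ssl.enum_certificates`. The `dummy_cert` builder and its subject strings are constructed only so the scanner can be exercised offline; the certificates it produces have placeholder keys and signatures.

```python
"""Triage scanner for rogue self-signed roots such as the Superfish CA.
Added example, not Superfish's, Komodia's or Lenovo's code. On Windows the
DER certificates come from ssl.enum_certificates("ROOT"); the constructed
dummy_cert() below exists only so the scanner can be exercised offline."""
import re
import ssl
import sys
import hashlib

SEQUENCE, SET, OID, CONTEXT0, PRINTABLE = 0x30, 0x31, 0x06, 0xA0, 0x13
ATTR_NAMES = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O"}  # commonName, organizationName


def read_tlv(buf, pos=0):
    """Decode one DER element at buf[pos]: returns (tag, value, end_offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the content of a constructed DER element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def name_to_str(name_der):
    """Render an X.501 Name (SEQUENCE OF SET OF {OID, value}) as 'CN=x, O=y'."""
    parts = []
    for _, rdn in children(name_der):
        for _, attr in children(rdn):
            (_, oid), (_, val) = children(attr)[:2]
            parts.append(f"{ATTR_NAMES.get(oid, oid.hex())}={val.decode('utf-8', 'replace')}")
    return ", ".join(parts)


def describe_cert(der):
    """Subject, issuer, self-signed flag and SHA-256 fingerprint of one DER cert.
    A root is self-signed when its issuer Name equals its subject Name; the
    basicConstraints extension and the signature itself are not checked here."""
    _, cert, _ = read_tlv(der)
    fields = children(children(cert)[0][1])       # tbsCertificate
    if fields[0][0] == CONTEXT0:                  # optional [0] EXPLICIT version
        fields = fields[1:]
    issuer, subject = fields[2][1], fields[4][1]  # serial, sigAlg, issuer, validity, subject
    return {"subject": name_to_str(subject), "issuer": name_to_str(issuer),
            "self_signed": issuer == subject, "sha256": hashlib.sha256(der).hexdigest()}


def find_suspicious_roots(der_certs, pattern=r"superfish|komodia"):
    """Self-signed certificates whose subject matches pattern (case-insensitive).
    Real triage would also compare each sha256 with the published Superfish
    fingerprint, which is not reproduced here."""
    hits = [describe_cert(c) for c in der_certs]
    return [h for h in hits if h["self_signed"] and re.search(pattern, h["subject"], re.I)]


# --- constructed test data: a certificate skeleton with only the fields read above ---
def der(tag, content):
    """Encode one definite-length DER element."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def build_name(cn, org):
    def attr(oid, text):
        return der(SEQUENCE, der(OID, oid) + der(PRINTABLE, text.encode()))
    return der(SEQUENCE, der(SET, attr(b"\x55\x04\x03", cn)) + der(SET, attr(b"\x55\x04\x0a", org)))


def dummy_cert(subject, issuer):
    """Hypothetical unsigned certificate (placeholder key and signature); it
    would never validate anywhere and only feeds the parser."""
    alg = der(SEQUENCE, der(OID, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSAEncryption
    validity = der(SEQUENCE, der(0x17, b"150101000000Z") + der(0x17, b"350101000000Z"))
    spki = der(SEQUENCE, alg + der(0x03, b"\x00"))
    tbs = der(SEQUENCE, der(CONTEXT0, der(0x02, b"\x02")) + der(0x02, b"\x01") + alg
              + issuer + validity + subject + spki)
    return der(SEQUENCE, tbs + alg + der(0x03, b"\x00" * 5))


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run on the Windows machine under triage")
    roots = [c for c, enc, _ in ssl.enum_certificates("ROOT") if enc == "x509_asn"]
    for hit in find_suspicious_roots(roots):
        print(f"rogue root: {hit['subject']} sha256={hit['sha256']}")
```

Any hit is the certificate that the removal advice above refers to; delete it from the root store together with the software rather than only uninstalling the application.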

User Impact and Risks

Superfish's interception of HTTPS traffic enabled significant privacy invasions by logging users' browsing habits, including visits to sensitive sites such as banking portals, thereby exposing personal data like login credentials and financial details without user consent.[23] This vulnerability allowed potential attackers to spy on encrypted communications, compromising email, search histories, social media activity, and online banking sessions.[28][29] The financial risks were particularly acute, as the adware's self-signed certificates facilitated man-in-the-middle attacks that could spoof secure connections to sites like banks or e-commerce platforms, leading to phishing attempts and theft of credentials or funds.[23] Users faced heightened exposure to fraudulent transactions, with attackers potentially impersonating trusted entities such as Wells Fargo or Amazon to capture sensitive payment information.[28] Performance degradation was another notable impact, with Superfish consuming substantial system resources during its constant scanning of web traffic for ad injection opportunities, utilizing up to 300 MB of memory per browser instance and as much as two-thirds of CPU capacity.[30] This resource intensity often resulted in slowed device operation and reduced battery life, exacerbating user frustration on affected laptops. Even after uninstalling the software, long-term exposure persisted due to the retention of Superfish's root certificate in the system's trust store, which required manual removal to mitigate ongoing risks of interception until subsequent operating system updates addressed the issue.[23][15] This residual vulnerability left users susceptible to unauthorized access for extended periods if not properly remediated.

Lenovo Incident

Discovery in 2015

The discovery of Superfish's security flaws on Lenovo devices unfolded in early 2015, beginning with user reports of intrusive ad injections during web browsing and unexpected certificate warnings in browsers. These anomalies were first highlighted in online forums and social platforms, including a Reddit post on February 19, 2015, where users detailed how the pre-installed Superfish software intercepted HTTPS connections by installing its own self-signed root certificate, potentially enabling unauthorized surveillance.[31] This initial exposure drew attention to the software's role in modifying secure web traffic without user consent, prompting further scrutiny from the tech community.

Security researchers quickly conducted independent analyses that uncovered critical vulnerabilities in Superfish's implementation. Experts, including Paul Pearce from the University of California, Berkeley, and Rob Graham of Errata Security, revealed that the private key for the root certificate was embedded directly in the software binary and protected only by a weak, hardcoded password ("komodia"), allowing anyone to extract it and forge certificates for any website. The same private key was shared across all affected devices.[24][32] This breakthrough demonstrated how attackers could perform undetectable man-in-the-middle exploits on affected systems, compromising sensitive activities like online banking and email. The findings were shared publicly through technical blogs and detection tools, accelerating awareness of the threat.

Superfish had been pre-installed on select Lenovo consumer laptops, including models such as the G50 series, Y50 series, and Yoga 2 Pro, which were shipped starting in September 2014 and continuing through February 2015.[18] Lenovo confirmed the software was limited to certain consumer notebook lines and not included on ThinkPad, desktop, tablet, or server products. Initial estimates placed the global impact at hundreds of thousands of devices, based on sales data for the affected models during the installation period, though exact figures varied as Lenovo ceased preloading the software in January 2015.[33]

Public and Expert Backlash

The revelation of Superfish's security flaws in February 2015 triggered intense media scrutiny, with major outlets amplifying concerns over its ad injection and certificate vulnerabilities. The Guardian described Superfish as emblematic of "malware big business," criticizing Lenovo for prioritizing revenue from intrusive advertising over user privacy and security, potentially exposing millions to man-in-the-middle attacks.[34] Forbes highlighted Superfish's long history of malware complaints dating back to 2010, including user reports of it functioning as surveillance software that intercepted encrypted connections without consent.[11] WIRED reported on the "huge backlash," labeling Superfish as malicious adware that not only cluttered browsers with ads but also created enterprise-level risks by undermining HTTPS protections.[29]

Cybersecurity experts issued stark warnings about the broader implications, emphasizing immediate threats to users and organizations. The Electronic Frontier Foundation (EFF) condemned Superfish as a "catastrophically irresponsible" abuse of trust, noting that its self-signed root certificate enabled attackers to impersonate secure sites across major browsers, potentially allowing theft of sensitive data like banking credentials without detection.[35] The Cybersecurity and Infrastructure Security Agency (CISA, then US-CERT) issued an alert detailing how Superfish facilitated HTTPS spoofing attacks, advising all affected users to remove the software and certificate to mitigate risks on public networks.[1] Experts like those at F-Secure and Errata Security further underscored the software's amateurish design, which relied on outdated man-in-the-middle techniques reminiscent of known malware.[11]

Consumers responded swiftly with legal and communal efforts to address the intrusion. In the United States, multiple class-action lawsuits were filed against Lenovo and Superfish, alleging fraudulent practices and violations of consumer protection laws, with one prominent case seeking damages for the software's installation on consumer laptops since late 2014.[36] User forums, including Lenovo's own support communities and Reddit, were flooded with complaints and demands for removal instructions, prompting the creation of widespread guides to uninstall the adware and revoke its certificate.[29] In Europe, media coverage in outlets like The Guardian fueled public outrage and calls for accountability, leading to regulatory scrutiny under data protection frameworks, though specific lawsuits mirrored U.S. actions in scope.[37] The EFF also published a detailed removal tutorial, reflecting the scale of user-driven remediation efforts.[38]

The scandal inflicted significant reputational harm on Lenovo, eroding consumer trust and sparking organized protests. Privacy advocates and online communities issued boycott threats, decrying the pre-installation as a betrayal of security norms, while the hacking group Lizard Squad defaced Lenovo's website in a high-profile protest, redirecting visitors to mocking images and amplifying the controversy.[39] This backlash contributed to perceptions of Lenovo as prioritizing profits over safety, with experts warning of long-term damage to its market position in an era of rising cybersecurity awareness.[29]

Response and Aftermath

Lenovo's Actions

On February 19, 2015, Lenovo issued an official statement acknowledging that it had pre-installed Superfish software on certain consumer notebook models to enhance the shopping experience, while emphasizing that the software did not profile, monitor, or record user behavior and that each session was independent.[40][41] The company noted that it had already halted Superfish preloads and shut down related server connections in January 2015 in response to user complaints about the software's performance.[40] To address the issue, Lenovo provided users with a downloadable automated tool for uninstalling the Superfish software and deleting its associated self-signed root certificate from the system's certificate store.[41] Additionally, the company collaborated with McAfee and Microsoft to integrate Superfish detection and removal into their antivirus and security tools, ensuring broader automated remediation.[41] Lenovo committed to fully phasing out Superfish from all new shipments by the end of February 2015 and confirmed it would not be included on any future devices, including ThinkPads, desktops, tablets, smartphones, or servers.[40][42]

In response to the controversy, Lenovo halted the preloading of Superfish and initiated an internal review of its pre-installed software practices, including exploration of a cleaner PC image and a revised preload strategy developed in consultation with privacy and security experts.[42] The company also worked with Symantec, McAfee, and Microsoft to conduct security assessments and updates aimed at preventing similar vulnerabilities in third-party software.[42] As part of its remediation efforts, Lenovo offered affected customers a free six-month subscription to McAfee LiveSafe antivirus software to help protect against potential security risks arising from Superfish.[43] This compensation was made available through a dedicated support page for eligible users who had purchased qualifying notebook models.[43]

The Federal Trade Commission (FTC) filed a complaint against Lenovo in 2017, alleging that the company engaged in deceptive practices by preinstalling VisualDiscovery adware—developed by Superfish—on consumer laptops sold starting in August 2014, which compromised users' online security without adequate disclosure or consent.[14] The software intercepted HTTPS traffic in a man-in-the-middle manner, exposing sensitive information like login credentials and financial data to potential attacks due to weak encryption and disabled browser warnings.[44] In the resulting settlement, announced in September 2017 and given final approval in January 2018, the FTC required Lenovo to implement a comprehensive software security program for 20 years, subject to independent audits, and prohibited misrepresentations about preinstalled software features; no direct monetary payment was mandated by the FTC itself.[14] Concurrently, a coalition of 32 state attorneys general secured a $3.5 million settlement in 2017 for consumer redress and ongoing monitoring of Lenovo's practices.[45]

Multiple class-action lawsuits followed the Superfish revelations, primarily in the United States, where consumers alleged privacy invasions and security harms from the preinstalled adware. In a key U.S. case, Superfish settled for $1 million in February 2016, agreeing to cooperate with plaintiffs against Lenovo, while Lenovo later contributed $7.3 million, resulting in an $8.3 million total settlement approved in 2018 to compensate affected laptop owners.[46][47] In Canada, a class-action suit against Lenovo and Superfish for breach of warranties and privacy torts led to settlements approved in November 2017 for Superfish and March 2020 for Lenovo, with Lenovo agreeing to pay CDN$700,000; fund distribution to claimants is ongoing.[48][49] Additional claims emerged in the European Union, focusing on violations of privacy laws due to unauthorized data interception, but no major settlements were reported, with litigation emphasizing GDPR-like protections against undisclosed tracking.[50]

The incident prompted regulatory alerts from the Cybersecurity and Infrastructure Security Agency (CISA), which issued warnings in February 2015 about the Superfish adware's vulnerability to HTTPS spoofing attacks on affected Lenovo devices, urging immediate removal to mitigate risks.[1] These alerts contributed to broader scrutiny, including recommendations from the Department of Homeland Security for users to uninstall the software, though no widespread bans on affected devices in government procurements were enacted specifically tied to Superfish; however, the vulnerabilities heightened caution in federal IT purchasing guidelines.[1]

The Superfish controversy influenced industry practices by establishing precedents for greater transparency in bundled software. The FTC settlement imposed on Lenovo requirements for affirmative consumer consent before installing security-altering adware and mandated risk assessments for third-party software, serving as a model for original equipment manufacturers (OEMs) to enhance disclosures and security vetting in subsequent product lines.[51] This led to wider adoption of stricter OEM policies on preinstalled bloatware, with companies increasingly prioritizing explicit user notifications and opt-in mechanisms to avoid similar liability.[52]
