Superfish Adware Flaw

Superfish Adware Flaw

The discovery of a serious flaw in Superfish adware has allowed hackers a field day. Lenovo unfortunately had preloaded the Superfish adware on its new computers prior to February, 2015, but has released a tool to eliminate the adware. The adware acts by not properly validating website certificates and weakening encryption so that it can be read.

The same code library is used by an Israeli company, Komodia, to circumvent Web encryption with a proxy. The flawed software allows hackers to create bogus certificates to mimic legitimate ones used by websites, including those of banks’ online access. The hijacked website would be redirected to the attacker’s bogus website. The victim’s browser would give no warning that this redirection was happening.