When the government issues a warning about someone else's potential electronic spying, you're bound to feel as if we're teetering on the edge of a 1984 dystopia.
But that's exactly what happened on Friday, when the Department of Homeland Security warned that Lenovo — a highly regarded manufacturer of computers — had "spyware" preinstalled on consumer laptops that could expose secure communications to hackers.
Companies pay big bucks to pre-load their insidious programs on computers. In this case, the controversial software came from a Silicon Valley startup called Superfish, which has pioneered visual recognition technology. Its software captures images of products that users view online and then shows them ads for similar products. Security experts say Superfish also installs its own fake certification on computers to trick Internet browsers into giving it access to secure connections.
Even worse, the Superfish software on certain Lenovo laptops also allows hackers access to those connections. The software has security holes that enable hackers to spoof secure websites and steal critical data. So when users visit secured or encrypted websites such as banks and credit card companies, their information can be easily stolen, according to security experts and the government.
"This means websites, such as banking and email, can be spoofed without a warning from the browser," wrote the cybersecurity division of Homeland Security in a statement, calling the Superfish program a "critical vulnerability" that could allow a remote attacker "to read all encrypted web browser traffic, successfully impersonate (spoof) any website, or perform other attacks on the affected system."
For its part, Superfish has said the vulnerability was "introduced unintentionally by a third party." Lenovo has apologized to customers and released a software tool on Friday allowing customers to remove the Superfish code from their laptops.
Both Superfish and Lenovo are in damage-control mode. And neither has adequately taken responsibility for the spyware scandal. The truth is there's no reason any non-critical software should be bundled with laptops to begin with. At best, this scandal exposes a chilling lack of oversight on what gets installed on machines. At worst, it exposes something nefarious. Either way, Lenovo has sold out its customers.
This controversy couldn't come at a worse time for Lenovo as the company faces growing competition from Microsoft's Surface line of PCs. Those computers, by the way, do not come with adware whatsoever.
Anda sedang membaca artikel tentang
Booting Up: Laptop security hole puts buyers at risk, damages trust in company
Dengan url
http://newsreviewsis.blogspot.com/2015/02/booting-up-laptop-security-hole-puts.html
Anda boleh menyebar luaskannya atau mengcopy paste-nya
Booting Up: Laptop security hole puts buyers at risk, damages trust in company
namun jangan lupa untuk meletakkan link
Booting Up: Laptop security hole puts buyers at risk, damages trust in company
sebagai sumbernya
0 komentar:
Posting Komentar