In this episode, the Radio Free HPC team looks at the recent Lenovo laptop scandal involving Superfish malware.
The US government’s Computer Emergency Readiness Team (US-CERT) has said the Superfish ad-injecting malware installed by Lenovo on its new laptops is a “critical” threat to security.
Why would Lenovo do such a thing? The company contends that it intentionally installed the program on consumer laptops so that they could “enhance the user’s shopping experience” by serving up ads on encrypted web pages.
Lenovo consumer personal computers employing the pre-installed Superfish Visual Discovery software contain a critical vulnerability through a compromised root CA certificate,” US-CERT said on Friday, urging people to remove the adware. “Exploitation of this vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS), successfully impersonate (spoof) any website, or perform other attacks on the affected system.”
Henry worries that this unfortunate situation is endemic of an unfortunate lack of concern out there about security in general. With the recent news that dozens of banks have been compromised this week, it would be hard to argue.
While Lenovo now scrambles into Damage Control mode, the question for our readers is: how will this affect Lenovo’s ability to sell to the U.S. Federal supercomputing market? Dan contends that this offense occurred with different folks at an entirely different division, and that the company should be able to rebuild trust over time. Rich, on the other hand, thinks Superfish will hurt the company badly and that Lenovo will have to build its HPC fortunes somewhere besides U.S. soil.
Got Something to Say? Here is our new Voicemail Box: (503) 852-1843. Send us your questions, comments, and ideas and we’ll put you on the show.
