The CEO of Superfish, the company behind the software of the same name that has been central to a recent scandal surrounding Lenovo, has admitted to his company intentionally installing the root certificate authority as part of the software, but says that they did not realise the potential consequences.
Speaking to The Next Web, Superfish CEO, Adi Pinhas, said that the software had useful intentions, but that they purposely utilised the root certificate authority to “enable a search from any site.” Superfish’s intent is to scan websites for products for which it can display ads offering users alternatives they may be interested in. This means it could circumvent SSL on sites like Google so it could continue doing what it intended to do – display ads.
Now Pinhas says that the certificate was “not installed without the users opting in”, but he also said that the company did not realise the potentially devastating consequences of utilising such a certificate and that the company didn’t know about the vulnerability until everyone else did. While that’s fine, it does seem a little hard to believe that the software developers who apparently spent four years developing Superfish didn’t realise the insecure nature of the software.
Nevertheless, it’s pretty clear that Superfish isn’t something you want on your computer.
Source: The Next Web
LIVE THE HORROR: An immersive disaster story aboard a stunningly realised North Sea oil rig,…
The Philips VA LED display uses an advanced multi-domain vertical alignment technology that gives you…
【TFT Screen: The Interactive Interface】This 75% mechanical keyboard comes equipped with a TFT Screen, serving…
FANDOM FUSION Play as your favorite characters and wield their unique weapons and skills. Team…
The Definitive Version of Shin Megami Tensei V - Fully evolved with stunning visuals for…
【Unique Split Design】5200mAh hand warmers rechargeable together with double-sided heating function, split snap swivel design,…