The CEO of Superfish, the company behind the software of the same name that has been central to a recent scandal surrounding Lenovo, has admitted to his company intentionally installing the root certificate authority as part of the software, but says that they did not realise the potential consequences.
Speaking to The Next Web, Superfish CEO, Adi Pinhas, said that the software had useful intentions, but that they purposely utilised the root certificate authority to “enable a search from any site.” Superfish’s intent is to scan websites for products for which it can display ads offering users alternatives they may be interested in. This means it could circumvent SSL on sites like Google so it could continue doing what it intended to do – display ads.
Now Pinhas says that the certificate was “not installed without the users opting in”, but he also said that the company did not realise the potentially devastating consequences of utilising such a certificate and that the company didn’t know about the vulnerability until everyone else did. While that’s fine, it does seem a little hard to believe that the software developers who apparently spent four years developing Superfish didn’t realise the insecure nature of the software.
Nevertheless, it’s pretty clear that Superfish isn’t something you want on your computer.
Source: The Next Web
Electronic Arts (EA) announced today that its games were played for over 11 billion hours…
Steam's annual end-of-year recap, Steam Replay, provides fascinating insights into gamer habits by comparing individual…
GSC GameWorld released a major title update for STALKER 2 this seeking, bringing the game…
Without any formal announcement, Intel appears to have revealed its new Core 200H series processors…
Ubisoft is not having the best of times, but despite recent flops, the company still…
If you haven’t started playing STALKER 2: Heart of Chornobyl yet, now might be the…