A little-known software called Superfish was catapulted into the spotlight last week when it became clear that the adware was responsible for a dangerous security hole in some Lenovo computers.
Superfish is able to exploit SSL certificates to break into HTTPS connections to scan images for advertising purposes. That is bad on its own, sure, but the part that creates a security problem is how Superfish performs the attack.
The adware installs its own root certificates on computers, which are then able to sneak into “secure” connections. It is called a “man-in-the-middle” attack. Superfish does this so poorly by encrypting possibly all of its certificates with the same password. But Superfish is by no means the only software that does this. Read more…
