[Faccus] Security issue with Lenovo computers - February 20

Natasha Jennings njennings at uwaterloo.ca
Fri Feb 20 13:32:25 EST 2015


What is happening? Between September 2014 and February 2015, consumer-grade notebook computers by Lenovo were shipped with a pre-installed third-party piece of software called Superfish. This adware software installs an insecure self-signed root certificate in the local trusted certification authority (CA) store, effectively defeating the security provided by SSL/TLS and leaving the computer and the user vulnerable to Man-in-the-Middle attacks.

How does this impact me? If you own or use a consumer-grade Lenovo computer purchased during the above timeframe, you can visit https://filippo.io/Badfish/ to check whether your computer is affected.

My computer is affected, now what? Contact an IT Service Desk<https://connect.uwaterloo.ca/owa/UrlBlockedError.aspx> or your Faculty Service Desk<https://uwaterloo.ca/information-systems-technology/services/faculty-service-desks> for assistance removing the root certificate. If you feel confident doing this yourself, removal instructions can be found at  https://filippo.io/Badfish/removing.html.

Additional resources: A list of affected models can be found at http://support.lenovo.com/us/en/product_security/superfish?cid=us:email:xpdxlg&sf=70114000002BU2R&ls=15Q4_NA_RM_ALL_HL_LenMal_OV_Malware&elq_mid=5036&elq_cid=853404


Questions or concerns? Please contact the IST Service Desk (CHIP), helpdesk at uwaterloo.ca<mailto:helpdesk at uwaterloo.ca>, ext. 84357.


Recipients of this message: uwweb, isthd, faccus, ist-staff, admin-support, ctsc, ucist, mactug, MSC, SSO, Bulletin


Natasha Jennings
Communications Officer
Information Systems & Technology
University of Waterloo
519-888-4567 ext. 47951
[university-of-waterloo-logo-esig]


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uwaterloo.ca/pipermail/faccus/attachments/20150220/81c7a5be/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 5804 bytes
Desc: image003.png
URL: <http://lists.uwaterloo.ca/pipermail/faccus/attachments/20150220/81c7a5be/attachment.png>


More information about the Faccus mailing list