Slashdot Mirror


Lenovo Hit With Lawsuit Over Superfish Adware

An anonymous reader writes with news that the fallout from the Superfish fiasco might just be starting for Lenovo. "Lenovo admitted to pre-loading the Superfish adware on some consumer PCs, and unhappy customers are now dragging the company to court on the matter. A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with 'fraudulent' business practices and with making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware. Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called 'spyware' in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits."

3 of 114 comments

  1. Re:How's this any different... by fuzzyfuzzyfungus · Score: 4, Informative

    This fine bloatware didn't merely act as an MiTM, it did so so incompetently that it exposed the user to basically any MiTM attack on an SSL connection (the root cert it used to sign bogus certificates was identical across every installation and effectively unprotected and the MiTM component would re-sign any cert handed to it, even an invalid one, opening the user to downright trivial MiTM attacks).

    Even if the actual behavior of the bloatware were downright saintly (which is not the case), it was so incompetently constructed as to be indistinguishable from malice.

  2. Re:Lawyers rejoice!! by jythie · Score: 5, Informative

    Which is why it should be a criminal or regulatory investigation instead. However, because of the way our legal system is put together, this kind of DIY justice is pretty much the only option. People resort to class action lawsuits because prosecutors and law enforcement have written themselves out of responsibility and delegated enforcement of such laws to the consumer. Many laws and regulations are ONLY triggerable via class action lawsuit.

  3. Re:How's this any different... by nyet · Score: 2, Informative

    This fine bloatware didn't merely act as an MiTM, it did so so incompetently that it exposed the user to basically any MiTM attack on an SSL connection (the root cert it used to sign bogus certificates was identical across every installation and effectively unprotected and the MiTM component would re-sign any cert handed to it, even an invalid one, opening the user to downright trivial MiTM attacks).

    Many "enterprise" (lol) class proxies (deployed by corporations to "protect" their internal networks) do the exact same thing.