Superfish

Superfish is a program that was formerly factory-installed on Lenovo computers, designed to inject extra ads into the users' web browsing experience (to "enhance consumer experience" by suggesting related products, or so was claimed). It turned out that it put its own self-signed secure certificate in place to interject itself even in SSL-based secure web transactions, creating an enormous security hole for its users which could be exploited by hackers even if Superfish itself didn't abuse the information about users it could obtain. Superfish used a library from a company called Kommodia, which uncreatively used 'kommodia' as the internal password for unlocking its certificate data.

Links

• Windows SSL Interception Gone Wild
• What You Need to Know About Superfish, The Man-in-the-Middle Adware Installed on Lenovo PCs
• You Had One Job, Lenovo
• Extracting the SuperFish Certificate
• Blog discussion
• Lenovo Community discussion
• Kommodia: Why you need ad injection SDK (Internet Archive copy)
• Lenovo Statement on Superfish (2015-02-19 Internet Archive copy)
• Lenovo Statement on Superfish (2015-02-20 Internet Archive copy)