In this episode, the Radio Free HPC team looks at the recent Lenovo laptop scandal involving Superfish malware. The company intentionally installed the program, which replaces security certificates so that the company could serve up ads on encrypted web pages.
“Lenovo consumer personal computers employing the pre-installed Superfish Visual Discovery software contain a critical vulnerability through a compromised root CA certificate,” US-CERT said on Friday, urging people to remove the adware. “Exploitation of this vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS), successfully impersonate (spoof) any website, or perform other attacks on the affected system.”
While Lenovo now scrambles into Damage Control mode, the question for our readers is: how will this affect Lenovo’s ability to sell to the U.S. Federal supercomputing market? Dan contends that this offense occurred with different folks at an entirely different division, and that the company should be able to rebuild trust over time. Henry worries that this unfortunate situation is symptomatic of a lack of concern out there about security in general. Rich, on the other hand, thinks Superfish has sealed the company’s supercomputing doom and that Lenovo will have to build its HPC fortunes somewhere besides U.S. soil.
Got Something to Say? Here is our new Voicemail Box: (503) 852-1843. Send us your questions, comments, and ideas and we’ll put you on the show.