Lenovo CTO says “We didn’t do enough,” promises to wipe Superfish off PCs

Lenovo officials are starting to come around to something most people in security circles are saying in an almost unanimous voice—the pre-installation of a fake HTTPS certificate on consumer laptops puts banking passwords and other sensitive information at risk of theft by man-in-the-middle hackers.

"We agree that this was not something we want to have on the system, and we realized we needed to do more," Lenovo CTO Peter Hortensius said in an interview with The Wall Street Journal, referring to adware from a company called Superfish. "Obviously in this case we didn't do enough."

Hortensius went on to say company developers are in the process of writing software that will completely remove all code and data associated with the adware, which is marketed by a company called Superfish. He didn't provide a timeline for when the removal software would be available to end users. Hortensius' statement and the pledge to remove Superfish represent an about-face from Lenovo's previous position that there were no security concerns associated with the adware.

Read 3 remaining paragraphs | Comments