Last month it became widely known that Lenovo was shipping adware with its products known as Superfish.It injected ads into webpages, but the worst part was thatit also installed its own security certificate which shares its private key. This allows any software that uses that key to fool the device into thinking its legitimate signed software.
Lenovo has now taken steps to eradicate Superfish from its products by making a removal tool available, but that hasn't stopped one of our members from putting together a tutorial that allows you to easily check if you are (still) affected in any way.
A while ago GRC (Steve Gibson) created a page which lets you type in a web address and compare the SHA1 Fingerprint you get via the Official SHA1 Fingerprint he lists on his page, to that which your browser provides. If your browser's SHA1 hash and his don't match, then there is an interception going on. Either your AV is system scanning SSL connections, an employer is monitoring your activity or something like Superfish is up to no good.
This is just a good way to check to make sure nothing on your machine is intercepting your SSL connections.
*Disclaimer* Just because your certificates pass the test, it doesn't mean that your machine is completely secure!
The test requires that you test against the SHA1 fingerprints he has available on the site by visiting one of the websites listed above.
Firefox
Step 1. Click the padlock in the address bar, then "More information" button.
Step 2. Then View Certificate button.
Step 3. Easiest way to compare, is to highlight the SHA1 Fingerprint hash and copy it.
Then go to GRC's page were he lists the SHA1 hash and do a CTRL+F and paste in the hash. If they match, his will become highlighted.
Chrome
Step 1. Click the padlock and then the Certificate Information link
Step 2. Easiest way to compare, is to highlight the SHA1 hash Thumbprint and copy it.
Then go to GRC's page were he lists the SHA1 hash and do a CTRL+F and paste in the hash. If they match, his will become highlighted.
Internet Explorer
Step 1. Click the padlock on the right of the address bar and then View certificates.
Step 2. Easiest way to compare, is to highlight the SHA1 hash Thumbprint and copy it.
Then go to GRC's page were he lists the SHA1 hash and do a CTRL+F and paste in the hash. If they match, his will become highlighted.
We want to thank warwagon for putting this together, and if you'd like to provide any feedback or comments, be sure to check out the forum thread that discusses it.
24 Comments - Add comment