fbpx
Wikipedia

Superfish

December 15, 2023

Superfish was an advertising company that developed various advertising-supported software products based on a visual search engine. The company was based in Palo Alto, California.[1] It was founded in Israel in 2006[2] and has been regarded as part of the country's "Download Valley" cluster of adware companies.[3] Superfish's software is malware and adware.[4][5][6][7][8] The software was bundled with various applications as early as 2010, and Lenovo began to bundle the software with some of its computers in September 2014.[4] On February 20, 2015, the United States Department of Homeland Security advised uninstalling it and its associated root certificate, because they make computers vulnerable to serious cyberattacks, including interception of passwords and sensitive data being transmitted through browsers.[4][9]

Superfish
TypePrivate
IndustryInternet
Founded2006 (2006)
DefunctMay 2015
FateClosed
SuccessorJustVisual.com
Headquarters
Palo Alto, California
,
United States
Key people
  • Adi Pinhas (co-founder & CEO)
  • Michael Chertok (co-founder & CTO)
ServicesVisual search[1]
Revenuec. $40 million
Number of employees
90

History edit

Superfish was founded in 2006 by Adi Pinhas and Michael Chertok.[2][10] Pinhas is a graduate of Tel Aviv University.[11] In 1999, he co-founded Vigilant Technology, which "invented digital video recording for the surveillance market", according to his LinkedIn profile.[better source needed] Before that, he worked at Verint, an intelligence company that analyzed telephone signals and had allegedly tapped Verizon communication lines.[12] Chertok is a graduate of Technion and Bar-Ilan University with 10 years of experience in "large scale real-time data mining systems".[13]

Since its founding, Superfish has used a team of "a dozen or so PhDs" primarily to develop algorithms for the comparison and matching of images. It released its first product, WindowShopper, in 2011.[14] WindowShopper immediately prompted a large number of complaints on Internet message boards, from users who did not know how the software had been installed on their machines.[12]

Superfish initially received funding from Draper Fisher Jurvetson, and to date has raised over $20 million, mostly from DFJ and Vintage Investment Partners.[15] Forbes listed the company as number 64 on their list of America's most promising companies.[16]

Pinhas in 2014 stated that "Visual search is not here to replace the keyboard ... visual search is for the cases in which I have no words to describe what I see."[17]

As of 2014, Superfish products had over 80 million users.[18]

In May 2015, following the Lenovo security incident (see below) and to distance itself from the fallout, the team behind Superfish changed its name and moved its activities to JustVisual.com.[19]

Lenovo security incident edit

Users had expressed concerns about scans of SSL-encrypted web traffic by Superfish Visual Search software pre-installed on Lenovo machines since at least early December 2014.[citation needed] This became a major public issue, however, only in February 2015. The installation included a universal self-signed certificate authority; the certificate authority allows a man-in-the-middle attack to introduce ads even on encrypted pages. The certificate authority had the same private key across laptops; this allowed third-party eavesdroppers to intercept or modify HTTPS secure communications without triggering browser warnings by either extracting the private key or using a self-signed certificate.[5][8][20] On February 20, 2015, Microsoft released an update for Windows Defender which removes Superfish.[6] In an article in Slate tech writer David Auerbach compares the incident to the Sony DRM rootkit scandal and says of Lenovo's actions, "installing Superfish is one of the most irresponsible mistakes an established tech company has ever made."[21] On February 24, 2015, Heise Security published an article revealing that the certificate in question would also be spread by a number of applications from other companies including SAY Media and Lavasoft's Ad-Aware Web Companion.[22]

Criticisms of Superfish software predated the "Lenovo incident" and were not limited to the Lenovo user community: as early as 2010, users of computers from other manufacturers had expressed concerns in online support and discussion forums that Superfish software had been installed on their computers without their knowledge, by being bundled with other software.[12]

CEO Pinhas, in a statement prompted by the Lenovo disclosures, maintained that the security flaw introduced by Superfish software was not, directly, attributable to its own code; rather, "it appears [a] third-party add-on introduced a potential vulnerability that we did not know about" into the product. He identified the source of the problem as code authored by the tech company Komodia, which deals with, among other things, website security certificates.[23] Komodia was founded by Barak Weichselbaum, a former programmer for Israel's IDF Intelligence Core.[24] Komodia code is also present in other applications, among them, parental-control software; and experts have said "the Komodia tool could imperil any company or program using the same code" as that found within Superfish.[25] In fact, Komodia itself refers to its HTTPS-decrypting and interception software as an "SSL hijacker", and has been doing so since at least January 2011.[26] Its use by more than 100 corporate clients may jeopardize "the sensitive data of not just Lenovo customers but also a much larger base of PC users".[27] Komodia was closed in 2018.[28]

Products edit

Superfish's first product, WindowShopper, was developed as a browser add-on for desktop and mobile devices, directing users who hover over browser images to shopping Web sites to purchase similar products. As of 2014, WindowShopper had approximately 100 million monthly users, and according to Xconomy, "a high conversion to sale rate for soft goods". Superfish's business model is based on receiving affiliate fees on each sale.[15]

The core technology, Superfish VisualDiscovery, is installed as a man-in-the-middle proxy on some Lenovo laptops. It injects advertising into results from Internet search engines; it also intercepts encrypted (SSL/TLS) connections.[7][29]

In 2014, Superfish released new apps based on its image search technology.

See also edit

References edit

  1. ^ a b Hoge, Patrick (October 21, 2014). "Superfish dives deep into visual search". San Francisco Business Times. Retrieved November 16, 2014.
  2. ^ a b "Microsoft, Lenovo scramble to protect users from Superfish security flaw". CBSnews.com. CBS/AP. February 22, 2015. Retrieved September 11, 2015.
  3. ^ Hirschauge, Orr (December 25, 2013). "Another blow to Israel's 'Download Valley' as Google bans toolbars". Haaretz.com. Retrieved September 11, 2015. Among the companies in Download Valley most likely to be hurt by the change are the startups Revizer, Superfish, CrossReader and the Client Connect division of the company Conduit …
  4. ^ a b c "Alert: Lenovo "Superfish" Adware Vulnerable to HTTPS Spoofing". United States Computer Emergency Readiness Team. February 20, 2015. Retrieved February 20, 2015.
  5. ^ a b Fox-Brewster, Thomas (February 19, 2015). "How Lenovo's Superfish 'Malware' Works And What You Can Do To Kill It". Forbes. Retrieved February 20, 2015.
  6. ^ a b Chacos, Brad (February 20, 2015). "Bravo! Windows Defender update fully removes Lenovo's dangerous Superfish malware". PC World. Retrieved February 20, 2015.
  7. ^ a b Williams, Owen (February 19, 2015). "Lenovo caught installing adware on new computers". The Next Web. Retrieved February 19, 2015.
  8. ^ a b Hern, Alex (February 19, 2015). "Lenovo accused of compromising user security by installing adware on new PCs". The Guardian. Retrieved February 19, 2015.
  9. ^ "U.S. government urges Lenovo customers to remove Superfish software". Reuters. February 20, 2015. Retrieved February 20, 2015.
  10. ^ "Superfish gets $10M for image search". San Francisco Business Times. July 30, 2013.
  11. ^ "Q&A: Adi Pinhas, founder and CEO of tech startup Superfish". San Jose Mercury News. January 2, 2015.
  12. ^ a b c Fox-Brewster, Thomas (February 19, 2015). "Superfish: A History Of Malware Complaints And International Surveillance". Forbes. Retrieved February 21, 2015.
  13. ^ "Executive Profile – Michael Chertok – Co-Founder and Chief Technology Officer, Superfish, Inc". Bloomberg, retrieved. Retrieved February 20, 2015.
  14. ^ Craig, Elise (July 16, 2014). "Superfish Aims to Dominate Visual Search, One Product at a Time". Xconomy. Retrieved November 17, 2014.
  15. ^ a b Craig, Elise (July 16, 2014). "Superfish Aims to Dominate Visual Search, One Product at a Time". Xconomy. p. 2. Retrieved November 17, 2014.
  16. ^ "America's Most Promising Companies". Forbes. January 2015. Retrieved February 21, 2015.
  17. ^ "What Will It Take for Visual Search to Catch On?". eMarketer. November 11, 2014. Retrieved November 17, 2014.
  18. ^ Weiss, Vered (September 3, 2014). "Adi Pinhas' Superfish #1 Fastest Growing Private Software Company in the US". Jewish Business News. Retrieved November 17, 2014.
  19. ^ . ABC News. May 28, 2015. Archived from the original on May 29, 2015. Retrieved May 31, 2015.
  20. ^ Valsorda, Filippo (February 20, 2015). "Komodia/Superfish SSL Validation is broken". Retrieved February 25, 2015.
  21. ^ Auerbach, David (February 20, 2015). "You Had One Job, Lenovo". Slate. Retrieved February 21, 2015.
  22. ^ "Gefährliche Adware: Mehr als ein Dutzend Anwendungen verbreiten Superfish-Zertifikat" [Dangerous Aware: More than a Dozen Applications spreading Superfish Certificate]. Heise Security (in German). February 24, 2015. Retrieved May 5, 2015.
  23. ^ "Superfish denies blame in Lenovo security mess". The Mercury News: siliconbeat. February 20, 2015.
  24. ^ Brewster, Thomas (February 20, 2015). "The Company Behind Lenovo's Dangerous Superfish Tech Claims It's Under Attack". forbes.com. Retrieved January 25, 2023. In a brief email conversation with Barak Weichselbaum, Komodia's founder who was once a programmer in Israel's IDF's Intelligence Core,...
  25. ^ "Palo Alto startup points fingers over Lenovo ad software security flaws". Contra Costa Times. February 23, 2015.
  26. ^ . Komodia Inc. December 14, 2010. Archived from the original on January 22, 2011. Retrieved February 27, 2015.
  27. ^ ""SSL hijacker" behind Superfish debacle imperils large number of users". ars technica. February 20, 2015.
  28. ^ "About". Komodia. December 13, 2010.
  29. ^ Duckett, Chris (February 19, 2015). "Lenovo accused of pushing Superfish self-signed MITM proxy". DNet. Retrieved February 19, 2015.

December 15, 2023
superfish, advertising, company, that, developed, various, advertising, supported, software, products, based, visual, search, engine, company, based, palo, alto, california, founded, israel, 2006, been, regarded, part, country, download, valley, cluster, adwar. Superfish was an advertising company that developed various advertising supported software products based on a visual search engine The company was based in Palo Alto California 1 It was founded in Israel in 2006 2 and has been regarded as part of the country s Download Valley cluster of adware companies 3 Superfish s software is malware and adware 4 5 6 7 8 The software was bundled with various applications as early as 2010 and Lenovo began to bundle the software with some of its computers in September 2014 4 On February 20 2015 the United States Department of Homeland Security advised uninstalling it and its associated root certificate because they make computers vulnerable to serious cyberattacks including interception of passwords and sensitive data being transmitted through browsers 4 9 SuperfishTypePrivateIndustryInternetFounded2006 2006 DefunctMay 2015FateClosedSuccessorJustVisual comHeadquartersPalo Alto California United StatesKey peopleAdi Pinhas co founder amp CEO Michael Chertok co founder amp CTO ServicesVisual search 1 Revenuec 40 millionNumber of employees90 Contents 1 History 1 1 Lenovo security incident 2 Products 3 See also 4 ReferencesHistory editSuperfish was founded in 2006 by Adi Pinhas and Michael Chertok 2 10 Pinhas is a graduate of Tel Aviv University 11 In 1999 he co founded Vigilant Technology which invented digital video recording for the surveillance market according to his LinkedIn profile better source needed Before that he worked at Verint an intelligence company that analyzed telephone signals and had allegedly tapped Verizon communication lines 12 Chertok is a graduate of Technion and Bar Ilan University with 10 years of experience in large scale real time data mining systems 13 Since its founding Superfish has used a team of a dozen or so PhDs primarily to develop algorithms for the comparison and matching of images It released its first product WindowShopper in 2011 14 WindowShopper immediately prompted a large number of complaints on Internet message boards from users who did not know how the software had been installed on their machines 12 Superfish initially received funding from Draper Fisher Jurvetson and to date has raised over 20 million mostly from DFJ and Vintage Investment Partners 15 Forbes listed the company as number 64 on their list of America s most promising companies 16 Pinhas in 2014 stated that Visual search is not here to replace the keyboard visual search is for the cases in which I have no words to describe what I see 17 As of 2014 Superfish products had over 80 million users 18 In May 2015 following the Lenovo security incident see below and to distance itself from the fallout the team behind Superfish changed its name and moved its activities to JustVisual com 19 Lenovo security incident edit Users had expressed concerns about scans of SSL encrypted web traffic by Superfish Visual Search software pre installed on Lenovo machines since at least early December 2014 citation needed This became a major public issue however only in February 2015 The installation included a universal self signed certificate authority the certificate authority allows a man in the middle attack to introduce ads even on encrypted pages The certificate authority had the same private key across laptops this allowed third party eavesdroppers to intercept or modify HTTPS secure communications without triggering browser warnings by either extracting the private key or using a self signed certificate 5 8 20 On February 20 2015 Microsoft released an update for Windows Defender which removes Superfish 6 In an article in Slate tech writer David Auerbach compares the incident to the Sony DRM rootkit scandal and says of Lenovo s actions installing Superfish is one of the most irresponsible mistakes an established tech company has ever made 21 On February 24 2015 Heise Security published an article revealing that the certificate in question would also be spread by a number of applications from other companies including SAY Media and Lavasoft s Ad Aware Web Companion 22 Criticisms of Superfish software predated the Lenovo incident and were not limited to the Lenovo user community as early as 2010 users of computers from other manufacturers had expressed concerns in online support and discussion forums that Superfish software had been installed on their computers without their knowledge by being bundled with other software 12 CEO Pinhas in a statement prompted by the Lenovo disclosures maintained that the security flaw introduced by Superfish software was not directly attributable to its own code rather it appears a third party add on introduced a potential vulnerability that we did not know about into the product He identified the source of the problem as code authored by the tech company Komodia which deals with among other things website security certificates 23 Komodia was founded by Barak Weichselbaum a former programmer for Israel s IDF Intelligence Core 24 Komodia code is also present in other applications among them parental control software and experts have said the Komodia tool could imperil any company or program using the same code as that found within Superfish 25 In fact Komodia itself refers to its HTTPS decrypting and interception software as an SSL hijacker and has been doing so since at least January 2011 26 Its use by more than 100 corporate clients may jeopardize the sensitive data of not just Lenovo customers but also a much larger base of PC users 27 Komodia was closed in 2018 28 Products editSuperfish s first product WindowShopper was developed as a browser add on for desktop and mobile devices directing users who hover over browser images to shopping Web sites to purchase similar products As of 2014 WindowShopper had approximately 100 million monthly users and according to Xconomy a high conversion to sale rate for soft goods Superfish s business model is based on receiving affiliate fees on each sale 15 The core technology Superfish VisualDiscovery is installed as a man in the middle proxy on some Lenovo laptops It injects advertising into results from Internet search engines it also intercepts encrypted SSL TLS connections 7 29 In 2014 Superfish released new apps based on its image search technology See also editBrowser hijacking Computer vision Concept based image indexing Content based image retrieval Image processing Image retrieval MalwareReferences edit a b Hoge Patrick October 21 2014 Superfish dives deep into visual search San Francisco Business Times Retrieved November 16 2014 a b Microsoft Lenovo scramble to protect users from Superfish security flaw CBSnews com CBS AP February 22 2015 Retrieved September 11 2015 Hirschauge Orr December 25 2013 Another blow to Israel s Download Valley as Google bans toolbars Haaretz com Retrieved September 11 2015 Among the companies in Download Valley most likely to be hurt by the change are the startups Revizer Superfish CrossReader and the Client Connect division of the company Conduit a b c Alert Lenovo Superfish Adware Vulnerable to HTTPS Spoofing United States Computer Emergency Readiness Team February 20 2015 Retrieved February 20 2015 a b Fox Brewster Thomas February 19 2015 How Lenovo s Superfish Malware Works And What You Can Do To Kill It Forbes Retrieved February 20 2015 a b Chacos Brad February 20 2015 Bravo Windows Defender update fully removes Lenovo s dangerous Superfish malware PC World Retrieved February 20 2015 a b Williams Owen February 19 2015 Lenovo caught installing adware on new computers The Next Web Retrieved February 19 2015 a b Hern Alex February 19 2015 Lenovo accused of compromising user security by installing adware on new PCs The Guardian Retrieved February 19 2015 U S government urges Lenovo customers to remove Superfish software Reuters February 20 2015 Retrieved February 20 2015 Superfish gets 10M for image search San Francisco Business Times July 30 2013 Q amp A Adi Pinhas founder and CEO of tech startup Superfish San Jose Mercury News January 2 2015 a b c Fox Brewster Thomas February 19 2015 Superfish A History Of Malware Complaints And International Surveillance Forbes Retrieved February 21 2015 Executive Profile Michael Chertok Co Founder and Chief Technology Officer Superfish Inc Bloomberg retrieved Retrieved February 20 2015 Craig Elise July 16 2014 Superfish Aims to Dominate Visual Search One Product at a Time Xconomy Retrieved November 17 2014 a b Craig Elise July 16 2014 Superfish Aims to Dominate Visual Search One Product at a Time Xconomy p 2 Retrieved November 17 2014 America s Most Promising Companies Forbes January 2015 Retrieved February 21 2015 What Will It Take for Visual Search to Catch On eMarketer November 11 2014 Retrieved November 17 2014 Weiss Vered September 3 2014 Adi Pinhas Superfish 1 Fastest Growing Private Software Company in the US Jewish Business News Retrieved November 17 2014 After Security Scandal a Tech Firm Says It s Changing Focus ABC News May 28 2015 Archived from the original on May 29 2015 Retrieved May 31 2015 Valsorda Filippo February 20 2015 Komodia Superfish SSL Validation is broken Retrieved February 25 2015 Auerbach David February 20 2015 You Had One Job Lenovo Slate Retrieved February 21 2015 Gefahrliche Adware Mehr als ein Dutzend Anwendungen verbreiten Superfish Zertifikat Dangerous Aware More than a Dozen Applications spreading Superfish Certificate Heise Security in German February 24 2015 Retrieved May 5 2015 Superfish denies blame in Lenovo security mess The Mercury News siliconbeat February 20 2015 Brewster Thomas February 20 2015 The Company Behind Lenovo s Dangerous Superfish Tech Claims It s Under Attack forbes com Retrieved January 25 2023 In a brief email conversation with Barak Weichselbaum Komodia s founder who was once a programmer in Israel s IDF s Intelligence Core Palo Alto startup points fingers over Lenovo ad software security flaws Contra Costa Times February 23 2015 Komodia s SSL Decoder Digestor product page Komodia Inc December 14 2010 Archived from the original on January 22 2011 Retrieved February 27 2015 SSL hijacker behind Superfish debacle imperils large number of users ars technica February 20 2015 About Komodia December 13 2010 Duckett Chris February 19 2015 Lenovo accused of pushing Superfish self signed MITM proxy DNet Retrieved February 19 2015 Retrieved from https en wikipedia org w index php title Superfish amp oldid 1172088591, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.