

A simple test for Lenovo users, to check if they are affected by Superfish - FiloSottile
https://filippo.io/Badfish/

======
Someone1234
I might be being dumb here, but how does this work? I cannot see any
JavaScript that accomplishes the test, so I am guessing server side?

edit: Nevermind. I see how it works now.

They installed the Superfish certificate at badfish.filippo.io then request
yes.png
([https://badfish.filippo.io/yes.png](https://badfish.filippo.io/yes.png)), if
your browser has Superfish in the trusted root store then the yes.png is
returned from that URL, however if you have a clean machine then
badfish.filippo.io throws a certificate error and yes.png is not returned, and
instead "no.png" is displayed via the alt tag from the base domain (which
doesn't use a Superfish certificate
[https://filippo.io/Badfish/no.png](https://filippo.io/Badfish/no.png)).

Simple but clever.

------
ewzimm
For those who have it, here are removal instructions:
[http://stackoverflow.com/a/28607630](http://stackoverflow.com/a/28607630)

------
jtheory
Sigh... I'm on a Lenovo laptop. I opened the link and saw this in large type:

 _Do the test with Internet Explorer or Chrome first._

And I'm in... Firefox. I get the "probably not" image in both FF and Chrome
now, but does that (unexplained) warning indicate that I've nullified the
test?

I don't seem to have the Superfish program installed; but this is
unnecessarily confusing.

------
pieter_mj
fyi, the test on that page will also be positive in the case you have any
other mitm certificate - eg company proxy software.

~~~
FiloSottile
It shouldn't since the proxy should disallow a connection with an untrusted
certificate.

If it does, please speak to your sysadmin ASAP. Anyone can intercept any HTTPS
connection your company does. Probably a compliance breach.

Software brand?

~~~
pieter_mj
[http://www.websense.com](http://www.websense.com)

