IT Alerts Dashboard

SuperFish Adware Infections

2/23/2015 2:03pm Problem

Information Security has detected numerous infections by the adware program Superfish.

Adware is typically not as dangerous as password stealers or other types of infections, however, this program has been paired with a Man-In-The-Middle SSL Certificate originally found on Lenovo laptops sold in fall of 2014.

This certificate, when installed as a trusted certificate, shows any web-site's certificate as valid, whether fake or not, essentially breaking the trust model for SSL.

Information Security will start notifying end-users and IT Workers of machines running Superfish. Users can check to see if they have the malicious certificate installed by visiting this page:

  • https://filippo.io/Badfish/

If the site alerts you to the malicious certificate, removal instructions can be found here:

  • https://filippo.io/Badfish/removing.html

It appears other companies may be guilty of the same behavior. More info can be found in the following links:

  • http://arstechnica.com/security/2015/02/security-software-found-using-superfish-style-code-as-attacks-get-simpler/
  • http://www.zdnet.com/article/lenovos-superfish-its-worse-than-we-thought/
  • http://arstechnica.com/security/2015/02/superfish-doubles-down-says-https-busting-adware-poses-no-security-risk/
  • https://www.google.com/search?q=superfish

This Alert displays the latest status for most Enterprise Reporting data and reports.

Warehouses and Data Last Updated
Finance Data Warehouse 02/26/2015 at 10:30 p.m.
Human Resources Data Warehouse 02/26/2015 at 9:30 p.m.
Student Financials Warehouse 02/26/2015 at 7:00 p.m.
Financial Information Tool (FIT) Cubes 02/26/2015 at 10:30 p.m.
Delivered Reports Available Periods
Bi-weekly Cost Distribution Detail (PDF and XLS) 02/16/2015
Preliminary Paylist 02/26/2015
Final Paylist 02/12/2015
Salary Status Detail Cost Projections (Except funds 201 and 209) 02/27/2015 through 06/30/2015*
Salary Status Detail Cost Projections (Funds 201 and 209) 02/27/2015 through grant end dates*

*Assuming you are assigned the appropriate security roles to do so, you may sign-on to myUFL and use the following navigation paths as required.

Projected PayrollUF Projected Payroll>UF Projected Payroll.

DistributionsSetup HRMS>Product Related>Commitment Accounting>Budget Information>Department Budget Table USA.

Please contact the UF Help Desk at 392-HELP or helpdesk@ufl.edu if there are any issues with the reports.

Enterprise Reporting Link Available Versions
Department Reports October 2005 - January 2015
Fund Reports October 2005 - January 2015
Sponsored Programs Reports* February 2006 - January 2015
Residual/Overhead Projects December 2005 - January 2015
Construction Project Reports May 2006 - January 2015


* The PI Summary Reports were first made available in July 2006.

Please contact the UF Help Desk at 392-HELP or helpdesk@ufl.edu if there are any issues with the reports.