- Don’t break security protocols for the sake of a few shekels. The loss of trust from customers far outweighs the benefits.
- Don’t try to downplay the severity of your mistake. Doing so will only hinder efforts to regain customer trust.
There seems to be a never-ending series of object lessons from overzealous IT vendors looking to increase their bottom line by exploiting the trust of their customers. This week, news broke, causing shock and outrage, that Lenovo had installed a broadly permissive CA certificate and secret key into the trusted certificate store of consumer laptops it sold, allowing it to vouch for anything. Lenovo also installed software on new consumer laptops that intercepted web connections and analyzed web images and then inserted targeted advertising into web pages to help. Mark Hopkins, program manager of Lenovo’s Social Media (Services), said in one of the company’s forums that the intended purpose of Superfish is to “[help] users find and discover products visually … [and] presents identical and similar product offers that may have lower prices.”