Shoot, I sent the wrong link. Here is the other one:

http://bits.blogs.nytimes.com/2015/02/22/lenovo-and-superfish-penetrate-the-heart-of-a-computers-security/

To check if you're vulnerable (test with all installed browsers):
https://filippo.io/Badfish/

Advise on how to remove:
security.stackexchange.com/questions/82056/how-to-detect-if-i-am-vulnerable-to-superfish-and-how-to-remove-it

[...]

Well, in the above link this is a bit bothersome:

"The closely-guarded programme was discovered by Kaspersky Lab, the
Moscow-based security software maker that has exposed a series of
Western cyber-espionage operations."

Kaspersky works for Putin, so they only "discover" stuff that does not
show Moscow in bad light. I still worry less about NSA spying than about
Russian and Chinese spying.

Same thing. The HD has firmware (call it a "bios") made of
microcode. Some manufacturers offer updates to the codes (i.e. you can
flash your HD to a new version). Check out the Seagate site and read
all about it.
[]'s

You're mixing up your articles.

There are three that come to mind.

1) Computrace/Lojack for laptops. There is a BIOS component, which
is part of tracking stolen laptops. On the affected machines,
it is "accidently activated", even though the customer did not
pay for the Windows portion of the installation. This added code
in the BIOS, is able to "call home" and infect the Windows installation
each time (so that even if you re-install Windows on a clean hard drive),
the BIOS feature can still get in.

If that had been working properly, the BIOS portion wouldn't be
doing anything, unless the customer had installed the Windows
portion of it.

2) NSA and hard drives. NSA was discovered hijacking shipments of
hard drives, and changing the firmware in the hard drive. This
allows the hard drive to alter or offer additional code when
Windows is booting.

Firmware on a hard drive can be "flashed", but there is a good
chance the actual code is stored on the platter itself. The hard
drive firmware is in two pieces - bootstrap code inside the
controller chip (no external PROM), plus the main operational
code stored on the platter.

Shipments of hard drives not intercepted by the NSA, don't
have that code on them. They did not enter the hard drive
factory, and cause all the hard drives to be infected. Only
the drives headed to certain countries.

3) Lenovo and Superfish program (cruftware) plus Superfish
SSL certificate. The Superfish program should be removed,
as well as the bogus certificate. There is a list of
affected laptops or tablets. If you didn't trust Lenovo,
simply reinstalling the OS (nuke and pave) from a Microsoft DVD,
removes all trace of the problem.

(1) and (2) are going to be harder to deal with.

The Lenovo one (3), calls into question Lenovo technical skills
(clueless).

Paul