Old 02-22-2015, 10:43   #1
JJ_BPK
Quiet Professional
 
 
Join Date: Apr 2008
Location: 18 yrs upstate NY, 30 yrs South Florida, 20 yrs Conch Republic, now chasing G-Kids in NOVA & UK
Posts: 11,901
You Had One Job, Lenovo

I don't do this much anymore, but I think this needs to be distributed as widely as possible.

Most of us old IBM'ers had major angina when Lenovo took over the IBM PC business..

Well, it looks like the Tin Foil Hat crowd was correct.

Lenovo has bugged the PCs it's building..

Here is a link that shows you how to get rid of the bug..

http://www.slate.com/blogs/future_te...o_laptops.html

Pass this to any of your friends that may be affected..

Quote:
http://www.slate.com/articles/techno...ing_screw.html

You Had One Job, Lenovo

And it didn't involve sneaking malicious adware onto your customers' computers.

When Lenovo preinstalled Superfish adware on its laptops, it betrayed its customers and sold out their security. It did it for no good reason, and it may not even have known what it was doing. I'm not sure which is scarier.

The various news reports of this catastrophe don't quite convey the sheer horror and disbelief with which any technically minded person is now reacting to Lenovo's screw-up. Security researcher Marc Rogers wrote that it's "quite possibly the single worst thing I have seen a manufacturer do to its customer base. ... I cannot overstate how evil this is." He's right. The Lenovo Superfish security hole is really, really bad.

To recap: Since at least September, Lenovo has been shipping OEM Windows laptops preloaded with Superfish "adware," which would rudely inject its own shopping results into your browser when you searched on Google, Amazon, and other websites. This sort of behavior is associated more with spyware than with factory-shipped operating-system installs, and by itself would be a new low for Lenovo. But Superfish is more than just pesky. It's the most virulent, evil adware you could find.

By installing a single self-signed root certificate (trust me: That's really bad) across all of Lenovo's affected machines, Superfish intentionally pokes a gigantic hole into your browser security and allows anyone on your Wi-Fi network to hijack your browser silently and collect your bank credentials, passwords, and anything else you might conceivably type there.

As Errata Security's Robert Graham put it, "I can intercept the encrypted communications of SuperFish's victims (people with Lenovo laptops) while hanging out near them at a cafe wifi hotspot." If you have a Lenovo laptop that has Superfish on it (try Filippo Valsorda's Superfish test to see: https://filippo.io/Badfish/?utm_sour..._medium=tumblr), I would advise nothing short of wiping the entire machine and installing vanilla Windows, not Lenovo's Windows. Then change all of your passwords.

So ghastly a perversion is Superfish's self-signed root certificate that many of us have practically been walking around with our jaws on the floor since the news broke Wednesday night. My Facebook wall is filled with outraged profanity from software engineers. Installing Superfish is one of the most irresponsible mistakes an established tech company has ever made.


__________________
Go raibh tú leathuair ar Neamh sula mbeadh a fhios ag an diabhal go bhfuil tú marbh

"May you be a half hour in heaven before the devil knows you’re dead"
Old 02-22-2015, 11:47   #2
MR2
Quiet Professional
 
 
Join Date: Nov 2011
Location: Location, Location
Posts: 3,997
Told you so.
__________________
The two most powerful warriors are patience and time - Leo Tolstoy

It's Never Crowded Along the Extra Mile - Wayne Dyer


WOKE = Willfully Overlooking Known Evil
Old 02-22-2015, 13:17   #3
The Reaper
Quiet Professional
 
 
Join Date: Jan 2004
Location: Free Pineland
Posts: 24,779
How is this a surprise to anyone?

TR
__________________
"It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat." - President Theodore Roosevelt, 1910

De Oppresso Liber 01/20/2025
Old 02-22-2015, 19:27   #4
x SF med
Quiet Professional
 
 
Join Date: Apr 2006
Location: In transit somewhere
Posts: 4,044
This is why I check certificates as soon as I purchase a computer or install any software. If the cert isn't by the manufacturer or the software company it's gone. If I screw up, I can get a new cert by getting in touch with the manufacturer.

I own a Lenovo, it's actually the one I'm posting with here, and all certs that I did not recognize were gone before I started posting anywhere.
__________________
In the business of war, there is no invariable strategic advantage (shih) which can be relied upon at all times.
Sun-Tzu, "The Art of Warfare"

Hearing, I forget. Seeing, I remember. Writing (doing), I understand. Chinese Proverb

Too many people are looking for a magic bullet. As always, shot placement is the key. ~TR
Old 02-22-2015, 21:38   #5
Flagg
Area Commander
 
Join Date: May 2011
Location: New Zealand
Posts: 1,423
It's like the Chinese government adopting Windows.

Oh that's right......they didn't.

A couple others include:

Australia banning Huawei (China's version of Cisco) from tendering on Australian national internet infrastructure:

http://gadgets.ndtv.com/others/news/...project-224063

I believe the Philippines even ripped out some Huawei gear for critical networks.

But here in NZ?

http://www.stuff.co.nz/business/worl...na-ex-CIA-boss

We've got Huawei product in our national internet infrastructure.