02-22-2015, 10:43
|
#1
|
Quiet Professional
Join Date: Apr 2008
Location: 18 yrs upstate NY, 30 yrs South Florida, 20 yrs Conch Republic, now chasing G-Kids in NOVA & UK
Posts: 11,901
|
You Had One Job, Lenovo
I don't do this much anymore, but I think this needs to be distributed as widely as possible.
Most of us old IBM'ers had major angina when Lenovo took over the IBM PC business.
Well, it looks like the Tin Foil Hat crowd was correct.
Lenovo has bugged the PCs it's building.
Here is a link that shows you how to get rid of the bug:
http://www.slate.com/blogs/future_te...o_laptops.html
Pass this to any of your friends that may be affected.
Quote:
http://www.slate.com/articles/techno...ing_screw.html
You Had One Job, Lenovo
And it didn't involve sneaking malicious adware onto your customers' computers.
When Lenovo preinstalled Superfish adware on its laptops, it betrayed its customers and sold out their security. It did it for no good reason, and it may not even have known what it was doing. I'm not sure which is scarier.
The various news reports of this catastrophe don't quite convey the sheer horror and disbelief with which any technically minded person is now reacting to Lenovo's screw-up. Security researcher Marc Rogers wrote that it's "quite possibly the single worst thing I have seen a manufacturer do to its customer base. ... I cannot overstate how evil this is." He's right. The Lenovo Superfish security hole is really, really bad.
To recap: Since at least September, Lenovo has been shipping OEM Windows laptops preloaded with Superfish "adware," which would rudely inject its own shopping results into your browser when you searched on Google, Amazon, and other websites. This sort of behavior is associated more with spyware than with factory-shipped operating-system installs, and by itself would be a new low for Lenovo. But Superfish is more than just pesky. It's the most virulent, evil adware you could find.
By installing a single self-signed root certificate (trust me: That's really bad) across all of Lenovo's affected machines, Superfish intentionally pokes a gigantic hole into your browser security and allows anyone on your Wi-Fi network to hijack your browser silently and collect your bank credentials, passwords, and anything else you might conceivably type there.
As Errata Security's Robert Graham put it, "I can intercept the encrypted communications of SuperFish's victims (people with Lenovo laptops) while hanging out near them at a cafe wifi hotspot." If you have a Lenovo laptop that has Superfish on it (try Filippo Valsorda's Superfish test to see: https://filippo.io/Badfish/?utm_sour..._medium=tumblr), I would advise nothing short of wiping the entire machine and installing vanilla Windows, not Lenovo's Windows. Then change all of your passwords.
So ghastly a perversion is Superfish's self-signed root certificate that many of us have practically been walking around with our jaws on the floor since the news broke Wednesday night. My Facebook wall is filled with outraged profanity from software engineers. Installing Superfish is one of the most irresponsible mistakes an established tech company has ever made.
|
__________________
Go raibh tú leathuair ar Neamh sula mbeadh a fhios ag an diabhal go bhfuil tú marbh
"May you be a half hour in heaven before the devil knows you’re dead"
|
JJ_BPK is offline
|
|
02-22-2015, 11:47
|
#2
|
Quiet Professional
Join Date: Nov 2011
Location: Location, Location
Posts: 4,000
|
Told you so.
__________________
The two most powerful warriors are patience and time - Leo Tolstoy
It's Never Crowded Along the Extra Mile - Wayne Dyer
WOKE = Willfully Overlooking Known Evil
|
MR2 is offline
|
|
02-22-2015, 13:17
|
#3
|
Quiet Professional
Join Date: Jan 2004
Location: Free Pineland
Posts: 24,780
|
How is this a surprise to anyone?
TR
__________________
"It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat." - President Theodore Roosevelt, 1910
De Oppresso Liber 01/20/2025
|
The Reaper is offline
|
|
02-22-2015, 19:27
|
#4
|
Quiet Professional
Join Date: Apr 2006
Location: In transit somewhere
Posts: 4,044
|
This is why I check certificates as soon as I purchase a computer or install any software. If the cert isn't by the manufacturer or the software company, it's gone. If I screw up, I can get a new cert by getting in touch with the manufacturer.
I own a Lenovo, it's actually the one I'm posting with here, and all certs that I did not recognize were gone before I started posting anywhere.
__________________
In the business of war, there is no invariable strategic advantage (shih) which can be relied upon at all times.
Sun-Tzu, "The Art of Warfare"
Hearing, I forget. Seeing, I remember. Writing (doing), I understand. Chinese Proverb
Too many people are looking for a magic bullet. As always, shot placement is the key. ~TR
|
x SF med is offline
|
|
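Added example, not part of the thread or of any poster's reply: one way to do the root-certificate review described in post #4 on Windows, flagging roots that match a name from the article and listing roots that appeared since a saved snapshot. The function name `Get-TrustedRoot`, the baseline path and the watchlist contents are assumptions made for illustration.

```powershell
# Added example. Run in Windows PowerShell on the machine being checked.
$baselinePath = "$env:USERPROFILE\root-store-baseline.csv"   # hypothetical location
$watchlist    = @('Superfish')                               # name taken from the article

function Get-TrustedRoot {
    # Enumerate the machine-wide and per-user trusted root stores.
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store | ForEach-Object {
            $cert = $_
            $hits = @($watchlist | Where-Object {
                $cert.Subject -like "*$($_)*" -or $cert.Issuer -like "*$($_)*"
            })
            [pscustomobject]@{
                Store         = $store
                Thumbprint    = $cert.Thumbprint
                Subject       = $cert.Subject
                NotAfter      = $cert.NotAfter
                # A trusted root whose private key is present locally deserves a close look.
                HasPrivateKey = $cert.HasPrivateKey
                Watchlisted   = ($hits.Count -gt 0)
            }
        }
    }
}

$current = @(Get-TrustedRoot)

# 1. Roots matching the watchlist, or roots with a private key on this machine.
$current | Where-Object { $_.Watchlisted -or $_.HasPrivateKey } |
    Format-Table Store, Subject, Thumbprint, HasPrivateKey -AutoSize

# 2. Roots added since the last snapshot (for example by a software install).
if (Test-Path $baselinePath) {
    $baseline = @(Import-Csv $baselinePath)
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
                   -Property Store, Thumbprint -PassThru |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize
} else {
    # First run: record the current state as the baseline.
    $current | Export-Csv -Path $baselinePath -NoTypeInformation
    "Baseline written to $baselinePath ($($current.Count) roots)"
}
```

The first run only records the baseline; later runs report additions against it. Applications that keep their own trust store are not covered by this check.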
02-22-2015, 21:38
|
#5
|
Area Commander
Join Date: May 2011
Location: New Zealand
Posts: 1,423
|
It's like the Chinese government adopting Windows.
Oh, that's right... they didn't.
A couple others include:
Australia banning Huawei (China's version of Cisco) from tendering on Australian national internet infrastructure:
http://gadgets.ndtv.com/others/news/...project-224063
I believe the Philippines even ripped out some Huawei gear for critical networks.
But here in NZ?
http://www.stuff.co.nz/business/worl...na-ex-CIA-boss
We've got Huawei product in our national internet infrastructure.
|
Flagg is offline
|
|
All times are GMT -6.