Professional Soldiers ®

Professional Soldiers ® (http://www.professionalsoldiers.com/forums/index.php)
-   Technology News and Reviews (http://www.professionalsoldiers.com/forums/forumdisplay.php?f=96)
-   -   You Had One Job, Lenovo (http://www.professionalsoldiers.com/forums/showthread.php?t=48181)

JJ_BPK 02-22-2015 10:43
You Had One Job, Lenovo
 
I don't do this much anymore, but I think this needs to be distributed as widely as possible.

Most of us old IBM'ers had major angina when Lenovo took over the IBM PC business..

Well, it looks like the Tin Foil Hat crowd was correct.

Lenovo has bugged the PC's it's building..

Here is a link that shows you how to get rid of the bug..

http://www.slate.com/blogs/future_te...o_laptops.html

Pass this to any of your friends that may be affected..

Quote:
http://www.slate.com/articles/techno...ing_screw.html

You Had One Job, Lenovo

And it didn't involve sneaking malicious adware onto your customers' computers.

When Lenovo preinstalled Superfish adware on its laptops, it betrayed its customers and sold out their security. It did it for no good reason, and it may not even have known what it was doing. I'm not sure which is scarier.

The various news reports of this catastrophe don't quite convey the sheer horror and disbelief with which any technically minded person is now reacting to Lenovo's screw-up. Security researcher Marc Rogers wrote that it's "quite possibly the single worst thing I have seen a manufacturer do to its customer base. . I cannot overstate how evil this is." He's right. The Lenovo Superfish security hole is really, really bad.

To recap: Since at least September, Lenovo has been shipping OEM Windows laptops preloaded with Superfish "adware," which would rudely inject its own shopping results into your browser when you searched on Google, Amazon, and other websites. This sort of behavior is associated more with spyware than with factory-shipped operating-system installs, and by itself would be a new low for Lenovo. But Superfish is more than just pesky. It's the most virulent, evil adware you could find.

By installing a single self-signed root certificate (trust me: That's really bad) across all of Lenovo's affected machines, Superfish intentionally pokes a gigantic hole into your browser security and allows anyone on your Wi-Fi network to hijack your browser silently and collect your bank credentials, passwords, and anything else you might conceivably type there.

As Errata Security's Robert Graham put it, "I can intercept the encrypted communications of SuperFish's victims (people with Lenovo laptops) while hanging out near them at a cafe wifi hotspot." If you have a Lenovo laptop that has Superfish on it (try Filippo Valsorda's Superfish test to see).

https://filippo.io/Badfish/?utm_sour..._medium=tumblr

I would advise nothing short of wiping the entire machine and installing vanilla Windows-not Lenovo's Windows. Then change all of your passwords.

So ghastly a perversion is Superfish' self-signed root certificate that many of us have practically been walking around with our jaws on the floor since the news broke Wednesday night. My Facebook wall is filled with outraged profanity from software engineers. Installing Superfish is one of the most irresponsible mistakes an established tech company has ever made.



MR2 02-22-2015 11:47
Told you so.

The Reaper 02-22-2015 13:17
How is this a surprise to anyone?

TR

x SF med 02-22-2015 19:27
This is why I check certificates as soon as I purchase a computer or install any software. If the cert isn't by the manufacturer or the software company it's gone. If I screw up, I can get a new cert by getting in tough with the manufacturer.

I own a Lenovo, it's actually the one I'm posting with here, and all certs that I did not recognize, were gone before I started posting anywhere.

Flagg 02-22-2015 21:38
It's like the Chinese government adopting Windows.

Of that's right......they didn't. ;)

A couple others include:

Australia banning Huawei(China's version of Cisco) from tendering on Australian national internet infrastructure:

http://gadgets.ndtv.com/others/news/...project-224063

I believe the Philippines even ripped out some Huawei gear for critical networks.

But here in NZ?

http://www.stuff.co.nz/business/worl...na-ex-CIA-boss

We've got Huawei product in our national internet infrastructure. :mad:


All times are GMT -6. The time now is 13:01.


Copyright 2004-2022 by Professional Soldiers ®