
Thread: Do you have a Lenovo laptop - PLEASE READ

  1. #1
    Elite Member MohandasKGanja's Avatar
    Join Date
    Apr 2008
    Location
    Wherever my kids are
    Posts
    24,817

    Default Do you have a Lenovo laptop - PLEASE READ

    I heard this story on the news this week but didn't realize how bad it was until I read this Slate article. This is the beginning of the article - the rest is at the link:
    You Had One Job, Lenovo

    And it didn’t involve sneaking malicious adware onto your customers’ computers.
    By David Auerbach

    When Lenovo preinstalled Superfish adware on its laptops, it betrayed its customers and sold out their security. It did it for no good reason, and it may not even have known what it was doing. I’m not sure which is scarier. The various news reports of this catastrophe don’t quite convey the sheer horror and disbelief with which any technically minded person is now reacting to Lenovo’s screw-up. Security researcher Marc Rogers wrote that it’s “quite possibly the single worst thing I have seen a manufacturer do to its customer base. … I cannot overstate how evil this is.” He’s right. The Lenovo Superfish security hole is really, really bad.

    To recap: Since at least September, Lenovo has been shipping OEM Windows laptops preloaded with Superfish “adware,” which would rudely inject its own shopping results into your browser when you searched on Google, Amazon, and other websites. This sort of behavior is associated more with spyware than with factory-shipped operating-system installs, and by itself would be a new low for Lenovo. But Superfish is more than just pesky. It’s the most virulent, evil adware you could find.

    By installing a single self-signed root certificate (trust me: That’s really bad) across all of Lenovo’s affected machines, Superfish intentionally pokes a gigantic hole into your browser security and allows anyone on your Wi-Fi network to hijack your browser silently and collect your bank credentials, passwords, and anything else you might conceivably type there. As Errata Security’s Robert Graham put it, “I can intercept the encrypted communications of SuperFish’s victims (people with Lenovo laptops) while hanging out near them at a cafe wifi hotspot.” If you have a Lenovo laptop that has Superfish on it (try Filippo Valsorda’s Superfish test to see), I would advise nothing short of wiping the entire machine and installing vanilla Windows—not Lenovo’s Windows. Then change all of your passwords.

    So ghastly a perversion is Superfish’s self-signed root certificate that many of us have practically been walking around with our jaws on the floor since the news broke Wednesday night. My Facebook wall is filled with outraged profanity from software engineers. Installing Superfish is one of the most irresponsible mistakes an established tech company has ever made. Reckless, careless, and appalling don’t even come close to covering it.

    The closest antecedent is the Sony DRM rootkit scandal of 2005, in which Sony automatically installed malware onto users’ computers whenever someone loaded certain of their CDs. That rootkit malware could be hijacked by another hacker, and in its shortsighted greed Sony did nothing to stop piracy while compromising the security of millions of users. But at least Sony had a clear (though futile) motive—stopping people from freely ripping its CDs. Lenovo claims it installed Superfish to “enhance our users’ shopping experience.” Whatever commissions Lenovo might have received from Superfish must have been paltry, especially compared with the severity of Superfish’s root-certificate hole—which, stunningly, leaves users even more exposed than Sony’s rootkit did. Lenovo sold its soul to the devil and forgot to get much of anything in return. Homer Simpson would’ve made a better Faustian bargain.
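
Added example, not part of the original post or the Slate article: a PowerShell check of the Windows trusted-root stores for the kind of root certificate the article describes. It assumes the certificate can be recognised by the names mentioned in this thread (Superfish, Komodia) appearing in its Subject or Issuer; a name match coming back empty is not proof of absence.

```powershell
# Added example: list trusted root certificates whose Subject or Issuer
# mentions the vendors named in this thread.
# Assumption: matching is by name only; the thread gives no thumbprint to match on.
$namePatterns = 'Superfish', 'Komodia'
$rootStores   = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $rootStores) {
    foreach ($cert in Get-ChildItem -Path $store) {
        # Which of the names, if any, appear in this certificate
        $matched = $namePatterns | Where-Object {
            $cert.Subject -match $_ -or $cert.Issuer -match $_
        }
        if ($matched) {
            [pscustomobject]@{
                Store      = $store
                Matched    = $matched -join ','
                Subject    = $cert.Subject
                SelfSigned = ($cert.Subject -eq $cert.Issuer)
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
    Write-Warning 'Matching root certificate(s) found in the trusted-root store.'
} else {
    Write-Output 'No trusted root certificate matched the listed names.'
}
```

This reads only the Windows certificate stores; Firefox keeps its own list of trusted roots and has to be checked separately.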

  2. #2
    Elite Member Witchywoman's Avatar
    Join Date
    Jan 2006
    Location
    vat of chocolate
    Posts
    4,069

    Default

    Holy shit, I'm having a meltdown right now, my heart is pounding. Testing right now.

  3. #3
    Elite Member Witchywoman's Avatar
    Join Date
    Jan 2006
    Location
    vat of chocolate
    Posts
    4,069

    Default

    Ok, I went to the Filippo link, didn't do a thing, and this popped up:
    "Also no other Komodia product was detected on your system."

    I'm cool???

  4. #4
    Elite Member MohandasKGanja's Avatar
    Join Date
    Apr 2008
    Location
    Wherever my kids are
    Posts
    24,817

    Default

    Originally Posted by Witchywoman:
    Ok, I went to the Filippo link, didn't do a thing, and this popped up:
    "Also no other Komodia product was detected on your system."

    I'm cool???

    Supposedly, that's a good sign. I've already tested three machines here and they came up with the same message. Just to be sure, go to this link on the Lenovo web site:

    Superfish Vulnerability - Lenovo Support (US)

    And review their updates about their products. It does look like they are doing everything they can to limit the damage.

  5. #5
    Gold Member spinmonkey's Avatar
    Join Date
    Oct 2005
    Location
    'Scansin
    Posts
    889

    Default

    I got the same message. I got mine before last September though. But still, pisses me off since a good techy friend of mine suggested a Lenovo and I love the damn thing. Thank you for posting this. I grazed an article a couple of weeks ago, but was in a hurry and didn't really absorb.
    Drive-by poster

  6. #6
    Elite Member
    Join Date
    Oct 2011
    Location
    On Howard Stern's Sybian
    Posts
    2,837

    Default

    This is so fucked up. Does the government own a stake in this company by any chance? I'm a tinfoil hat wearer like that.
    "You'll have to speak up, I'm wearing a towel."

  7. #7
    Elite Member Brah's Avatar
    Join Date
    Nov 2010
    Posts
    7,832

    Default

    omg, I just had a heart attack since I have a Lenovo tablet and have ordered stuff online with it--their site says they never added Superfish onto any of their tablets (or any other device besides laptops, iirc).
