
Lenovo laptops may have nasty factory installed malware


skp51443


http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

Just the update; if you have a Lenovo from this timeframe, read the whole thing and clean your system. If you have friends with one, you might pass this along.

[update: Lenovo has released a statement saying Superfish was installed on consumer laptops shipped between October and December 2014. The manufacturer said it stopped preloading Superfish in January 2015 and has no plans to resume the practice. Amazingly, the company said it did "not find any evidence to substantiate security concerns," but added that it's responding to them anyway. People who are concerned their PC may contain this critical vulnerability can check at https://filippo.io/Badfish/. The website was designed by one of the same researchers who published a site to scan websites for the catastrophic Heartbleed weakness in OpenSSL.]

Superfish presumably installs the root certificates so it can inject ads into encrypted Web pages. By many people's standards, that's bad. But adware that breaks HTTPS connections and may make users vulnerable to man-in-the-middle attacks that are trivial to carry out is orders of magnitude worse. Stay tuned. We'll all be hearing much more about the Superfish debacle in the days and weeks ahead.

The reaction from Lenovo is not a good one; it implies a very deep lack of understanding, and it is scary for the company that has taken over the IBM PC and laptop manufacturing business, and gotten the access that IBM's trusted reputation gave them, to be this tone deaf.

First rule of computer consulting:

Sell a customer a Linux computer and you'll eat for a day.

Sell a customer a Windows computer and you'll eat for a lifetime.


One more article A couple more articles,

 

http://www.theregister.co.uk/2015/02/20/superfish_is_malware_us_government/

Updated to add

It's claimed the Komodia proxy server used by the Superfish adware is worse than previously thought: any man-in-the-middle attacker can create a spoof HTTPS website that is trusted by laptops with the Superfish root CA certificate installed, without having to use the extracted private key. Self-signed SSL certificates are converted into valid ones, we're told.

"All the users out there with Komodia-powered Parental Control software or adware [can] have their banking connections easily intercepted. Well, good job," says CloudFlare security bod Filippo Valsorda.

"It's catastrophic. It's the only way all this mess could have been even worse."

Edit, wrong topic for second article...


Interesting. One of the most powerful menu systems in the Drupal and WordPress world is called Superfish and it is not malware.

Please click for Emails instead of PM
Mark & Dale
Joey - 2016 Bounder 33C Tige - 2006 40' Travel Supreme
Sparky III - 2021 Mustang Mach-e, off the Road since 2019
Useful HDT Truck, Trailer, and Full-timing Info at
www.dmbruss.com


  • 2 weeks later...

Good reading and ideas in this article:

http://www.computerworld.com/article/2894233/web-browsers-are-also-to-blame-for-lenovos-superfish-fiasco.html

Lenovo pre-installing Superfish software was a security disaster. Whether Lenovo was evil, or, as they eventually claimed, merely incompetent, it's hard to trust them going forward. If nothing else, their initial denials that anything was wrong, leave a lasting impression. Of course, Superfish, along with the software that they bundled from Komodia, also deserve plenty of blame for breaking the security of HTTPS and SSL/TLS.

Taking a step back however, blame also falls on our web browsers.
Google (Chrome), Microsoft (Internet Explorer), Apple (Safari) and Mozilla (Firefox) enable the security hack that Superfish and others such as PrivDog and Gogo engage in. They do this by omission, not commission.


Archived

This topic is now archived and is closed to further replies.
