ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Lenovo - if it's on your network, you ARE breached.

    IT Discussion
    lenovo security
    14
    93
    10.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • travisdh1T
      travisdh1
      last edited by scottalanmiller

      Excuse me a minute while I have a @JaredBusch and @scottalanmiller combination moment here.

      FFS people, I'd testify to this in court!

      1. Superfish was not only in the factory image, it's also contained in the hardware drivers. No amount of anything will protect you from the drivers! Trying to use a generic driver disables the hardware. Known issue with wifi chips from Lenovo.

      2. BIOS access. Yes, every server has a way to do remote management of said server. Nobody, other than Lenovo, has BIOS level access via a hard coded url and single password for every single box. Yes, they fixed it by changing the password.

      On top of those ongoing issues are the lies and half-truths they're always pushing. Like the "No business class machines have Superphish" when they had just reclassified all the lines of business machines that had it to consumer 5 days before.

      Using Lenovo is itself a data breach. They haven't properly fixed any of this yet!

      I also wanted a single place to go in order to get this information collated and more publicized. Let me know everything I've forgotten or messed up!

      1 Reply Last reply Reply Quote 3
      • T
        Texkonc
        last edited by

        I have always been skeptical of them even before superfish. Something just didnt add up with them.

        1 Reply Last reply Reply Quote 2
        • DashrenderD
          Dashrender
          last edited by

          I just warned 3 people off Lenovo yesterday.

          1 Reply Last reply Reply Quote 1
          • DashrenderD
            Dashrender
            last edited by

            The OP should be updated with links to credible news stories talking about the listed issues.
            Not because the OP is wrong, but because to most, this is just a random tech website, where there is no proof that there is no ax to grind, etc. So linking to credible news sources (several would be better) helps ensure the reader of the validity of the claims here.

            T travisdh1T 3 Replies Last reply Reply Quote 3
            • EddieJenningsE
              EddieJennings
              last edited by

              Confirmed OP is a Dell fanboi 😛

              travisdh1T 1 Reply Last reply Reply Quote 1
              • dbeatoD
                dbeato
                last edited by

                I have not had Lenovo in my systems ever!!

                1 Reply Last reply Reply Quote 1
                • wirestyle22W
                  wirestyle22
                  last edited by

                  Sigh. This is something I bring up anytime someone says 'Lenovo'. We buy nothing but Lenovo and I'm very close to having a seizure at work.

                  scottalanmillerS 1 Reply Last reply Reply Quote 1
                  • T
                    Texkonc
                    last edited by

                    The saying, you get what you pay for.
                    Network full of viruses!

                    1 Reply Last reply Reply Quote 1
                    • T
                      Texkonc @Dashrender
                      last edited by

                      @dashrender said in Lenovo - if it's on your network, you ARE breached.:

                      The OP should be updated with links to credible news stories talking about the listed issues.
                      Not because the OP is wrong, but because to most, this is just a random tech website, where there is no proof that there is no ax to grind, etc. So linking to credible news sources (several would be better) helps ensure the reader of the validity of the claims here.

                      Yup

                      1 Reply Last reply Reply Quote 0
                      • travisdh1T
                        travisdh1 @Dashrender
                        last edited by

                        @dashrender said in Lenovo - if it's on your network, you ARE breached.:

                        The OP should be updated with links to credible news stories talking about the listed issues.
                        Not because the OP is wrong, but because to most, this is just a random tech website, where there is no proof that there is no ax to grind, etc. So linking to credible news sources (several would be better) helps ensure the reader of the validity of the claims here.

                        I'd love to, but most of the claims I've made have originated right here, and been later confirmed by myself testing on an X220 which has since been given the Office Space treatment. I'd love some external confirmation!

                        1 Reply Last reply Reply Quote 0
                        • travisdh1T
                          travisdh1 @EddieJennings
                          last edited by

                          @eddiejennings said in Lenovo - if it's on your network, you ARE breached.:

                          Confirmed OP is a Dell fanboi 😛

                          HP, Dell, SuperMicro, Huaway, just about anything other than Lenovo, yes.

                          EddieJenningsE 1 Reply Last reply Reply Quote 0
                          • travisdh1T
                            travisdh1 @Dashrender
                            last edited by

                            @dashrender said in Lenovo - if it's on your network, you ARE breached.:

                            The OP should be updated with links to credible news stories talking about the listed issues.
                            Not because the OP is wrong, but because to most, this is just a random tech website, where there is no proof that there is no ax to grind, etc. So linking to credible news sources (several would be better) helps ensure the reader of the validity of the claims here.

                            I'll also note that this all came to light while a used X220 was being shipped to me, so yes, I have an axe to grind, but I've also personally seen this stuff happen.

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @wirestyle22
                              last edited by

                              @wirestyle22 said in Lenovo - if it's on your network, you ARE breached.:

                              Sigh. This is something I bring up anytime someone says 'Lenovo'. We buy nothing but Lenovo and I'm very close to having a seizure at work.

                              You are at a job where people should be in jail for that.

                              wirestyle22W 1 Reply Last reply Reply Quote 2
                              • dbeatoD
                                dbeato
                                last edited by

                                I have seen old articles on this:

                                https://www.cnet.com/how-to/lenovo-superfish-adware-uninstall-fix/

                                https://www.pcmag.com/article2/0,2817,2477277,00.asp

                                http://www.zdnet.com/article/lenovo-reportedly-blocking-linux-on-windows-10-signature-edition-pcs/

                                https://arstechnica.com/information-technology/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

                                1 Reply Last reply Reply Quote 1
                                • wirestyle22W
                                  wirestyle22 @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:

                                  @wirestyle22 said in Lenovo - if it's on your network, you ARE breached.:

                                  Sigh. This is something I bring up anytime someone says 'Lenovo'. We buy nothing but Lenovo and I'm very close to having a seizure at work.

                                  You are at a job where people should be in jail for that.

                                  Hopefully not for long

                                  1 Reply Last reply Reply Quote 0
                                  • black3dynamiteB
                                    black3dynamite
                                    last edited by

                                    This is an issue when using Windows only?

                                    travisdh1T scottalanmillerS 2 Replies Last reply Reply Quote 0
                                    • travisdh1T
                                      travisdh1 @black3dynamite
                                      last edited by

                                      @black3dynamite said in Lenovo - if it's on your network, you ARE breached.:

                                      This is an issue when using Windows only?

                                      No, everything.

                                      Superfish is included with the wifi drivers to a point that the wireless chips will not work without it. As for the BIOS level access, well, that's as bad as it gets.

                                      donaldlandruD 1 Reply Last reply Reply Quote 0
                                      • donaldlandruD
                                        donaldlandru @travisdh1
                                        last edited by

                                        @travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

                                        @black3dynamite said in Lenovo - if it's on your network, you ARE breached.:

                                        This is an issue when using Windows only?

                                        No, everything.

                                        Superfish is included with the wifi drivers to a point that the wireless chips will not work without it. As for the BIOS level access, well, that's as bad as it gets.

                                        I don't know what Wi-Fi chipset you have; however, we have the direct from Intel drivers so if SuperFish is included here I don't think that is a Lenovo issue.

                                        travisdh1T scottalanmillerS 3 Replies Last reply Reply Quote 0
                                        • EddieJenningsE
                                          EddieJennings @travisdh1
                                          last edited by

                                          @travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

                                          @eddiejennings said in Lenovo - if it's on your network, you ARE breached.:

                                          Confirmed OP is a Dell fanboi 😛

                                          HP, Dell, SuperMicro, Huaway, just about anything other than Lenovo, yes.

                                          Ha!

                                          1 Reply Last reply Reply Quote 0
                                          • travisdh1T
                                            travisdh1 @donaldlandru
                                            last edited by

                                            @donaldlandru said in Lenovo - if it's on your network, you ARE breached.:

                                            @travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

                                            @black3dynamite said in Lenovo - if it's on your network, you ARE breached.:

                                            This is an issue when using Windows only?

                                            No, everything.

                                            Superfish is included with the wifi drivers to a point that the wireless chips will not work without it. As for the BIOS level access, well, that's as bad as it gets.

                                            I don't know what Wi-Fi chipset you have; however, we have the direct from Intel drivers so if SuperFish is included here I don't think that is a Lenovo issue.

                                            That's great, you're entire network has already been pwnd tho, thanks to that absolutely assinine BIOS code.

                                            donaldlandruD 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 1 / 5
                                            • First post
                                              Last post