    So this is a thing now

    • MattSpellerM
      MattSpeller
      last edited by

      Ugh, yes! Nuke them all. Vendor images are by definition garbage.

      • coliverC
        coliver
        last edited by

        Lenovo has released a statement saying Superfish was installed on consumer laptops shipped between October and December 2014. The manufacturer said it stopped preloading Superfish in January 2015 and has no plans to resume the practice. Amazingly, the company said it did "not find any evidence to substantiate security concerns," but added that it's responding to them anyway. People who are concerned their PC may contain this critical vulnerability can check at https://filippo.io/Badfish/. The website was designed by one of the same researchers who published a site to scan websites for the catastrophic Heartbleed weakness in OpenSSL.

        How did this not come up in image/software testing? TLS injection is something that can be fairly easily observed by even those without a technical background.

        • scottalanmillerS
          scottalanmiller @coliver
          last edited by

          @coliver said:

          I feel like this behavior should be illegal on devices that you don't own.

          Oh well, just another reason to use @scottalanmiller's logic and wipe the drive before you do start to use it.

          We saw this behaviour on @dominica's Lenovo! I had proposed that something like this was going on. Glad to see it was validated after people kept calling me crazy.

          • NicN
            Nic @scottalanmiller
            last edited by

            This is pretty bad - check out the top comment here: https://www.reddit.com/r/technology/comments/2wecz2/lenovo_users_report_preinstalled_superfish_adware/

            • IRJI
              IRJ
              last edited by

              Here, in its full glory, is the entire Lenovo statement:

              Superfish was previously included on some consumer notebook products shipped in a short window between September and December to help customers potentially discover interesting products while shopping. However, user feedback was not positive, and we responded quickly and decisively:

              Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the product is no longer active. This disables Superfish for all products in market.
              Lenovo stopped preloading the software in January.
              We will not preload this software in the future.
              We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns. But we know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software. We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first.

              To be clear, Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. Users are given a choice whether or not to use the product. The relationship with Superfish is not financially significant; our goal was to enhance the experience for users. We recognize that the software did not meet that goal and have acted quickly and decisively.

              We are providing support on our forums for any user with concerns. Our goal is to find technologies that best serve users. In this case, we have responded quickly to negative feedback, and taken decisive actions to ensure that we address these concerns. If users still wish to take further action, detailed information is available at http://forums.lenovo.com.

              • scottalanmillerS
                scottalanmiller
                last edited by

                This definitely puts the final nail in the coffin for Lenovo for me. Our interactions with them last year were awful. This, though, is outrageous.

                • DashrenderD
                  Dashrender @scottalanmiller
                  last edited by

                  @scottalanmiller said:

                  This definitely puts the final nail in the coffin for Lenovo for me. Our interactions with them last year were awful. This, though, is outrageous.

                  So I take it you believe they knew exactly what this software did/could do and decided to deploy it anyhow?

                  • scottalanmillerS
                    scottalanmiller @Dashrender
                    last edited by

                    @Dashrender said:

                    @scottalanmiller said:

                    This definitely puts the final nail in the coffin for Lenovo for me. Our interactions with them last year were awful. This, though, is outrageous.

                    So I take it you believe they knew exactly what this software did/could do and decided to deploy it anyhow?

                    I used the machine for five minutes and knew what they had done. There is no way they didn't know that this was happening. And if they claim that they didn't know, that's almost worse. They will just let anyone pay to put anything bad onto your machine!

                    This is not a trivial breach of trust.

                    • coliverC
                      coliver @Dashrender
                      last edited by

                      @Dashrender said:

                      @scottalanmiller said:

                      This definitely puts the final nail in the coffin for Lenovo for me. Our interactions with them last year were awful. This, though, is outrageous.

                      So I take it you believe they knew exactly what this software did/could do and decided to deploy it anyhow?

                      My main question is... does it matter? If they did it intentionally then it is justified. If they didn't fully test the software and understand the implications.... then it is also justified. This isn't a small bug that just went by the wayside, this is a serious security breaking, intentional, piece of software.

                      • scottalanmillerS
                        scottalanmiller @coliver
                        last edited by

                        @coliver Exactly. There is no excusable scenario here.

                        • coliverC
                          coliver
                          last edited by

                          Not to mention... Lenovo has a fairly big market share even on the consumer side... if they didn't know that consumers hate ads then their marketing and research team failed... hard.

                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            Yes, the adware alone was bad. Very bad. Trying to force ads onto a product that someone bought isn't okay. No one agreed to having their OS modified at the network level to have ads forced on them.

                            Then to break security and put people at risk for Lenovo's personal gain... even if they only intended to screw their customer and never intended to do anything worse, there is no way I will ever cross the line to touching Lenovo again.

                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              Don't jump to conspiracy theories. This is very simple. Lenovo had a chance to make money and they simply don't care that they are breaking the law or putting customers at risk. Most customers will assume that it was a mistake and forgive them or, at best, forget because people don't remember these things for long. Lenovo isn't out to hurt anyone, that's not their goal. They want money and they just don't care if their customers are hurt or put at risk while they do it.

                              This is hardly the first vendor we've dealt with that is willing to knowingly steal data or put customers at risk to make a buck.

                              • NicN
                                Nic
                                last edited by

                                Yeah, it's pretty inexcusable, and their official post is mealy-mouthed PR crap. Here's a site that will check for the Superfish cert, if you need it:
                                https://filippo.io/Badfish/

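
A local counterpart to the site check linked in the post above, as an added example that is not part of the original thread: it lists entries in the Windows trusted-root stores whose subject or issuer contains a given string. The function name and the default pattern `Superfish` are assumptions chosen for illustration.

```powershell
# Added example (not from the thread): search the Windows trusted-root stores
# for certificates whose subject or issuer contains a given string.
function Find-TrustedRootBySubject {
    [CmdletBinding()]
    param(
        # Assumption: a substring of the certificate name to look for.
        [string]$Pattern = 'Superfish',
        [string[]]$Stores = @(
            'Cert:\LocalMachine\Root',
            'Cert:\CurrentUser\Root',
            'Cert:\LocalMachine\AuthRoot',
            'Cert:\CurrentUser\AuthRoot'
        )
    )
    # Treat the pattern as literal text, not as a regular expression.
    $rx = [regex]::Escape($Pattern)
    foreach ($store in $Stores) {
        if (-not (Test-Path -Path $store)) { continue }
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -match $rx -or $_.Issuer -match $rx } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$hits = @(Find-TrustedRootBySubject)
if ($hits.Count -eq 0) {
    Write-Output 'No trusted root matches the pattern in the stores checked.'
} else {
    $hits | Format-List
}
```

This reads only the Windows certificate stores; a browser that keeps its own trust store has to be checked separately.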
                                • MattSpellerM
                                  MattSpeller
                                  last edited by

                                  I feel like we should all buy a Lenovo right now to get in on the sweet lawsuit money 😀

                                  • coliverC
                                    coliver @MattSpeller
                                    last edited by

                                    @MattSpeller said:

                                    I feel like we should all buy a Lenovo right now to get in on the sweet lawsuit money 😀

                                    Sweet, sweet lawsuit money. Just make sure it was shipped between October and December of last year.

                                    • IRJI
                                      IRJ @MattSpeller
                                      last edited by

                                      @MattSpeller said:

                                      I feel like we should all buy a Lenovo right now to get in on the sweet lawsuit money 😀

                                      Congratulations End Users, You get $7.45 for all the trouble Lenovo has caused you.

                                      • MattSpellerM
                                        MattSpeller @IRJ
                                        last edited by

                                        @IRJ said:

                                        Congratulations End Users, You get $7.45 for all the trouble Lenovo has caused you.

                                        See! It is all a scam to get us to purchase more Lenovos! /s /tinfoilhattery

                                        • IRJI
                                          IRJ @MattSpeller
                                          last edited by

                                          @MattSpeller said:

                                          @IRJ said:

                                          Congratulations End Users, You get $7.45 for all the trouble Lenovo has caused you.

                                          See! It is all a scam to get us to purchase more Lenovos! /s /tinfoilhattery

                                          Make that a $7.45 Lenovo gift card 😛

                                          • MattSpellerM
                                            MattSpeller @IRJ
                                            last edited by MattSpeller

                                            @IRJ AHAHAHahahahaha - so true!
