    So this is a thing now

      Nic

      Yeah, it's pretty inexcusable, and their official post is mealy-mouthed PR crap. Here's a site that will check for the Superfish cert, if you need it:
      https://filippo.io/Badfish/

        MattSpeller

        I feel like we should all buy a Lenovo right now to get in on the sweet lawsuit money 😀

          coliver @MattSpeller

          @MattSpeller said:

          I feel like we should all buy a Lenovo right now to get in on the sweet lawsuit money 😀

          sweet, sweet lawsuit money. Just make sure it was shipped between October and December of last year.

            IRJ @MattSpeller

            @MattSpeller said:

            I feel like we should all buy a Lenovo right now to get in on the sweet lawsuit money 😀

            Congratulations End Users, You get $7.45 for all the trouble Lenovo has caused you.

              MattSpeller @IRJ

              @IRJ said:

              Congratulations End Users, You get $7.45 for all the trouble Lenovo has caused you.

              See! It is all a scam to get us to purchase more Lenovos! /s /tinfoilhattery

                IRJ @MattSpeller

                @MattSpeller said:

                @IRJ said:

                Congratulations End Users, You get $7.45 for all the trouble Lenovo has caused you.

                See! It is all a scam to get us to purchase more Lenovos! /s /tinfoilhattery

                Make that a $7.45 Lenovo gift card 😛

                  MattSpeller @IRJ

                  @IRJ AHAHAHahahahaha - so true!

                    thanksajdotcom

                    Nuke it from orbit!

                      scottalanmiller

                      BBC labels it spyware....

                      http://www.bbc.co.uk/news/technology-31533028

                        scottalanmiller

                        Our own @cakeis_not_alie gets screencapped on Mashable on this very issue!! Congrats!!

                        http://mashable.com/2015/02/20/lenovo-apology-superfish/

                          coliver

                          Superfish, on the other hand, maintains that it has been "completely transparent in what our software does and at no time were consumers vulnerable."

                          From the bottom of the article... What? How is breaking the fundamentals of a security protocol designed to keep consumers safe not creating a significant and easily exploitable vulnerability? The more and more I read about this the more and more aggravated I get.

                            scottalanmiller @coliver

                            @coliver ditto, it's not just that they did it, but their attitude after having been caught doing it.

                              coliver @scottalanmiller

                              @scottalanmiller As one of the comments on the link mentioned. What about the other clients of Superfish? Are they as open about the software on their machines as Lenovo was/has been? Who else is sneaking this obvious malware on devices with the users unaware of it?

                                Nic

                                Their incompetence on this issue is worse than malicious. If they were malicious then they'd at least have protected anyone else from exploiting their cert. And Komodia would have chosen a password that wasn't the name of the company.

                                  scottalanmiller @coliver

                                  @coliver said:

                                  @scottalanmiller As one of the comments on the link mentioned. What about the other clients of Superfish? Are they as open about the software on their machines as Lenovo was/has been? Who else is sneaking this obvious malware on devices with the users unaware of it?

                                  Excellent question. At least, I suspect, that AV vendors will be looking for Superfish now and hopefully have it categorized as malware so that people are detecting it.

                                    Nic

                                    Also Lenovo has essentially admitted that they have no validation process on the bundleware they install. As long as someone pays them some money, they'll put anything on there. Lizard Squad might as well pay them to automatically add all Lenovo laptops to their botnet.

                                      scottalanmiller @Nic

                                      @Nic said:

                                      Also Lenovo has essentially admitted that they have no validation process on the bundleware they install. As long as someone pays them some money, they'll put anything on there. Lizard Squad might as well pay them to automatically add all Lenovo laptops to their botnet.

                                      Pretty much. This is the same as openly installing malware. It's like hiring a doorman to guard your building and then finding out that burglars are just walking up to him, paying him and being shown into your apartment and allowed to rob the place. Yes, "technically" the doorman only took a bribe and didn't "actually" burgle you but.... it's purely a technicality. He can't claim to not know that stealing your TV wasn't the probable outcome.

                                        coliver

                                        What is Lenovo's target market? I don't see or hear of them much in the SMB. I do see them carried by sales people working for larger organizations but predominately those are HP or Dell. On top of that they are generally much more expensive at the consumer level than something from the other two.

                                          Reid Cooper @coliver

                                          @coliver I think that they are primarily large businesses and overseas businesses. As they are Chinese I think that they focus on markets outside of the US. And they bought their PC lines from IBM, which traditionally was focused on large businesses. I suspect that Lenovo continues this.

                                            Nic

                                            The only thing I've seen that makes sense is a comment on reddit saying that MITM certs like that are expected in China due to govt monitoring, so they didn't really think anything of it.
