So this is a thing now
-
Yeah, it's pretty inexcusable, and their official post is mealy-mouthed PR crap. Here's a site that will check for the Superfish cert, if you need it:
https://filippo.io/Badfish/ -
I feel like we should all buy a lenovo right now to get in on the sweet lawsuit money
-
@MattSpeller said:
I feel like we should all buy a lenovo right now to get in on the sweet lawsuit money
sweet, sweet lawsuit money. Just make sure it was shipped between october and december of last year.
-
@MattSpeller said:
I feel like we should all buy a lenovo right now to get in on the sweet lawsuit money
Congratulations End Users, You get $7.45 for all the trouble Lenovo has caused you.
-
@IRJ said:
Congratulations End Users, You get $7.45 for all the trouble Lenovo has caused you.
See! It is all a scam to get us to purchase more lenovos! /s /tinfoilhattery
-
@MattSpeller said:
@IRJ said:
Congratulations End Users, You get $7.45 for all the trouble Lenovo has caused you.
See! It is all a scam to get us to purchase more lenovos! /s /tinfoilhattery
Make that a $7.45 Lenovo gift card
-
@IRJ AHAHAHahahahaha - so true!
-
Nuke it from orbit!
-
BBC labels it spyware....
-
Our own @cakeis_not_alie gets screencapped on Mashable on this very issue!! Congrats!!
-
Superfish, on the other hand, maintains that it has been "completely transparent in what our software does and at no time were consumers vulnerable."
From the bottom of the article... What? How is breaking the fundamentals of a security protocol designed to keep consumers safe not creating a significant and easily exploitable vulnerability? The more and more I read about this the more and more aggravated I get.
-
@coliver ditto, it's not just that they did it, but their attitude after having been caught doing it.
-
@scottalanmiller As one of the comments on the link mentioned. What about the other clients of Superfish? Are they as open about the software on their machines as Lenovo was/has been? Who else is sneaking this obvious malware on devices with the users unaware of it?
-
Their incompetence on this issue is worse than malicious. If they were malicious then they'd at least have protected anyone else from exploiting their cert. And Komodia would have chosen a password that wasn't the name of the company.
-
@coliver said:
@scottalanmiller As one of the comments on the link mentioned. What about the other clients of Superfish? Are they as open about the software on their machines as Lenovo was/has been? Who else is sneaking this obvious malware on devices with the users unaware of it?
Excellent question. At least, I suspect, that AV vendors will be looking for Superfish now and hopefully have it categorized as malware so that people are detecting it.
-
Also Lenovo has essentially admitted that they have no validation process no the bundleware they install. As long as someone pays them some money, they'll put anything on there. Lizard Squad might as well pay them to automatically add all Lenovo laptops to their botnet.
-
@Nic said:
Also Lenovo has essentially admitted that they have no validation process no the bundleware they install. As long as someone pays them some money, they'll put anything on there. Lizard Squad might as well pay them to automatically add all Lenovo laptops to their botnet.
Pretty much. This is the same as openly installing malware. It's like hiring a doorman to guard your building and then finding out that burglars are just walking up to him, paying him and being shown in to your apartment and allowed to rob the place. Yes "technically" the doorman only took a bribe and didn't "actually" burglar you but.... it's purely a technicality. He can't claim to not know that stealing your TV wasn't the probably outcome.
-
What is Lenovo's target market? I don't see or hear of them much in the SMB. I do see them carried by sales people working for larger organizations but predominately those are HP or Dell. On top of that they are generally much more expensive at the consumer level then something from the other two.
-
@coliver I think that they are primarily large businesses and overseas businesses. As they are Chinese I think that they focus on markets outside of the US. And they bought their PC lines from IBM, which traditionally was focused on large businesses. I suspect that Lenovo continues this.
-
The only thing I've seen that makes sense is a comment on reddit saying that MITM certs like that are expected in China due to govt monitoring, so they didn't really think anything of it.