So this is a thing now
-
Nuke it from orbit!
-
BBC labels it spyware....
-
Our own @cakeis_not_alie gets screencapped on Mashable on this very issue!! Congrats!!
-
Superfish, on the other hand, maintains that it has been "completely transparent in what our software does and at no time were consumers vulnerable."
From the bottom of the article... What? How is breaking the fundamentals of a security protocol designed to keep consumers safe not creating a significant and easily exploitable vulnerability? The more and more I read about this the more and more aggravated I get.
-
@coliver ditto, it's not just that they did it, but their attitude after having been caught doing it.
-
@scottalanmiller As one of the comments on the link mentioned. What about the other clients of Superfish? Are they as open about the software on their machines as Lenovo was/has been? Who else is sneaking this obvious malware on devices with the users unaware of it?
-
Their incompetence on this issue is worse than malicious. If they were malicious then they'd at least have protected anyone else from exploiting their cert. And Komodia would have chosen a password that wasn't the name of the company.
-
@coliver said:
@scottalanmiller As one of the comments on the link mentioned. What about the other clients of Superfish? Are they as open about the software on their machines as Lenovo was/has been? Who else is sneaking this obvious malware on devices with the users unaware of it?
Excellent question. At least, I suspect, that AV vendors will be looking for Superfish now and hopefully have it categorized as malware so that people are detecting it.
-
Also Lenovo has essentially admitted that they have no validation process on the bundleware they install. As long as someone pays them some money, they'll put anything on there. Lizard Squad might as well pay them to automatically add all Lenovo laptops to their botnet.
-
@Nic said:
Also Lenovo has essentially admitted that they have no validation process on the bundleware they install. As long as someone pays them some money, they'll put anything on there. Lizard Squad might as well pay them to automatically add all Lenovo laptops to their botnet.
Pretty much. This is the same as openly installing malware. It's like hiring a doorman to guard your building and then finding out that burglars are just walking up to him, paying him and being shown into your apartment and allowed to rob the place. Yes, "technically" the doorman only took a bribe and didn't "actually" burgle you but.... it's purely a technicality. He can't claim to not know that stealing your TV wasn't the probable outcome.
-
What is Lenovo's target market? I don't see or hear of them much in the SMB. I do see them carried by sales people working for larger organizations but predominately those are HP or Dell. On top of that they are generally much more expensive at the consumer level than something from the other two.
-
@coliver I think that they are primarily large businesses and overseas businesses. As they are Chinese I think that they focus on markets outside of the US. And they bought their PC lines from IBM, which traditionally was focused on large businesses. I suspect that Lenovo continues this.
-
The only thing I've seen that makes sense is a comment on reddit saying that MITM certs like that are expected in China due to govt monitoring, so they didn't really think anything of it.
-
@Nic Best explanation I've heard yet.
-
@Nic said:
The only thing I've seen that makes sense is a comment on reddit saying that MITM certs like that are expected in China due to govt monitoring, so they didn't really think anything of it.
That might be the worst thing yet. This reads as "don't trust any products coming from China because they are culturally conditioned to be insecure."