@dashrender said in Lenovo - if it's on your network, you ARE breached.:

@travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

@dashrender said in Lenovo - if it's on your network, you ARE breached.:

@travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

@gjacobse said in Lenovo - if it's on your network, you ARE breached.:

I'd like to see recent references; everything I have found hasn't been updated / linked to since 2019 about the 2014-2015 incident.

What has changed? Nothing.

Why should anyone keep reporting no news?

Exactly - There's nothing newer because they haven't been caught doing any dirty shit in the past 2-3 years. But at the same time - the same management is in charge, so why would we expect them to do things right?

I just confirmed Superfish is still around because of that laptop from last week that got sent back!

Not sure what you mean?

Of course - if you didn't uninstall the software and didn't update to the newer driver that removed Superfish, then it will still be around - just like the millions of machines that never get updated and have Melissa still running around the internet (ok maybe not millions today).

This was a laptop manufactured April 2021 from the factory. So I really don't care if there are alternatives available. Lenovo has proven to lie about it so often already that it's to much of a risk, and legal liability.

@dashrender said in Lenovo - if it's on your network, you ARE breached.:

@travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

@gjacobse said in Lenovo - if it's on your network, you ARE breached.:

I'd like to see recent references; everything I have found hasn't been updated / linked to since 2019 about the 2014-2015 incident.

What has changed? Nothing.

Why should anyone keep reporting no news?

Exactly - There's nothing newer because they haven't been caught doing any dirty shit in the past 2-3 years. But at the same time - the same management is in charge, so why would we expect them to do things right?

I just confirmed Superfish is still around because of that laptop from last week that got sent back!

@gjacobse said in Lenovo - if it's on your network, you ARE breached.:

I'd like to see recent references; everything I have found hasn't been updated / linked to since 2019 about the 2014-2015 incident.

What has changed? Nothing.

Why should anyone keep reporting no news?

@dashrender said in What Are You Doing Right Now:

@gjacobse said in What Are You Doing Right Now:

Was just asked:

James is starting his own business and needed a laptop to do Office work, Invoices, 
Quickbooks and the like,...

Uh - Anything but Quickbooks first off.

I don't understand why they haven't fully gone to the cloud yet? They as in QB.

Because people keep buying their expensive **** local versions, and they know people would just switch to a competitor if they force everyone to the cloud version.

Just because the cloud version is the only one that is any good doesn't matter at all in this case. Besides, how else would they keep running their scam centers?

@obsolesce said in Lenovo - if it's on your network, you ARE breached.:

@travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

So I'm going to have to bring it up in the next all-hands meeting here

How'd your presentation go?

Actually went quite well. Management wants to start having conversations with clients about replacing every Lenovo.

@gjacobse said in What Are You Doing Right Now:

Was just asked:

James is starting his own business and needed a laptop to do Office work, Invoices, 
Quickbooks and the like,...

Uh - Anything but Quickbooks first off.

Scary as this is coming from me, Microsoft Dynamics is much worse than even QB!

And a few days later, yet another patched version to fix the broken fix. Isn't security so much fun?

https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e

@gjacobse said in What Are You Doing Right Now:

@travisdh1 said in What Are You Doing Right Now:

Happy day. We're returning a Lenovo, because it's a Lenovo.

I literally feel your pain.

Good luck, sounds like that will be tilting at windmills where you're currently employed.

I got lucky in the company meeting, they already had issues with Lenovo before I brought up the Superfish ongoing **** show.

Happy day. We're returning a Lenovo, because it's a Lenovo.

@obsolesce said in Lenovo - if it's on your network, you ARE breached.:

@travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

So I'm going to have to bring it up in the next all-hands meeting here

How'd your presentation go?

Won't happen till Monday most likely.

@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:

@dashrender said in Lenovo - if it's on your network, you ARE breached.:

@travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:

@gjacobse said in Lenovo - if it's on your network, you ARE breached.:

Thanks for dumping ice water down my back.... We use Lenovo for every laptop and desktop.

It's basically the only thing Lenovo is known for.

Knowledge of Lenovo's misdeeds is STILL unknown to most people. So I'm going to have to bring it up in the next all-hands meeting here

it will always be that way - because most people - including most business owners - hell likely even most IT - don't know don't care.

You have to know to not care. It's willful in most business owners. A desire to ignore info that is available and to avoid being informed by IT.

In this case, we are supposed to be acting as IT for our clients. Yet the people ordering equipment keep ordering Lenovo..... Latest one is for a PD

@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:

@gjacobse said in Lenovo - if it's on your network, you ARE breached.:

Thanks for dumping ice water down my back.... We use Lenovo for every laptop and desktop.

It's basically the only thing Lenovo is known for.

Knowledge of Lenovo's misdeeds is STILL unknown to most people. So I'm going to have to bring it up in the next all-hands meeting here

@gjacobse said in Lenovo - if it's on your network, you ARE breached.:

Thanks for dumping ice water down my back.... We use Lenovo for every laptop and desktop.

Glad to be of service... not.

Look at it this way, you at least won't have to talk about this in front of the company meeting next week.

My apologies for resurrecting a long dead thread, but I just collected the links today because I've had multiple places I wanted to reference them this week.

https://www.cnet.com/how-to/lenovo-superfish-adware-uninstall-fix/
https://www.pcmag.com/article2/0,2817,2477277,00.asp
http://www.zdnet.com/article/lenovo-reportedly-blocking-linux-on-windows-10-signature-edition-pcs/
https://arstechnica.com/information-technology/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/
https://mangolassi.it/topic/11320/pentagon-warns-against-using-lenovo-equipment
https://mangolassi.it/topic/7748/lenovo-screws-the-pooch-yet-again-on-the-security-front
https://mangolassi.it/topic/5751/lenovo-accused-of-using-rootkit-like-methods-to-sneak-software-onto-clean-windows-installs
https://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700/
https://www.theregister.co.uk/2019/08/23/lenovo_solution_centre_cve_2019_6177/

https://mangolassi.it/topic/14538/lenovo-if-it-s-on-your-network-you-are-breached/50

@jaredbusch said in Miscellaneous Tech News:

Is LastPass being spun off or is it still owned by log me in?

I wonder if they'll remove the tracking junk now? Probably not.

At a client site to move equipment around and update user accounts. Also powering off the old server today, they've moved everything they need into Office 365.

Just got done setting up 4 new guest VLANs and WiFi networks for them along with all the Ubiquiti updates that haven't been done. Said client had not had a contact before this year (billed per support call) and is now under contract, so we're actually managing their stuff now.

@gjacobse said in What Are You Doing Right Now:

Looking at all the crickets here.... My word.

Also calls backs after mid day reboot of the App Server.
Annnnd deal with Log4Shell

I haven't had time to think about anything but work yet today.

@dashrender said in Reverse Proxy for Single Public Facing Server:

@eddiejennings said in Reverse Proxy for Single Public Facing Server:

@dashrender said in Reverse Proxy for Single Public Facing Server:

I don't think the VM example relates to the proxy question.

The fact that you are self hosting probably plays more into this than anything else.
As a self hoster, do you have have more than one IP? If not, and you're going to have more than one site, proxy becomes a must (no one wants to deal with ports).
I suppose having multiple IPs doesn't preclude you from using a proxy, just makes it less of a demand.

I think of it as a good practice to put something public-facing behind a proxy if possible, whether it's a single server or multiple. That was my connection to virtualization: not a technical connection, but a possible best practice of putting something behind a proxy by default instead of putting something behind a proxy as an exception.

That's pretty easy to do when you're self hosted, but if you're doing something like Vultr instances, I'm guessing it's a bit harder - unless Vultr allows for the creation of VMs that only exist on a private network.

Just about all "cloud" providers let you easily create a private network within their own infrastructure now. I know Vultr, Digital Ocean and Linode all do at least.

I'm in "The little switzerland" today (Sugarcreek, OH). Also home of the largest cuckoo clock.

Like all tourist traps, it sounds more exciting than it is.