Security Alert - Reimage any Lenovo laptops if you haven't yet



  • Site to check if this affects you: https://filippo.io/Badfish/

    Sources:
    http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/
    http://www.bbc.com/news/technology-31533028
    https://infected.io/120/lenovos-superfish-security-nightmare

    Quote [infected.io]:

    Lenovo is a known brand for its business notebooks. Chris Palmer, a developer working for Google on Chrome, discovered that Lenovo delivers notebooks with the adware “Superfish” pre-installed. Even though that’s bad enough already, the adware also tries to insert advertisements based on images (“Visual Search”) of a couch for example. So if you’re looking for a new couch on the internet, as soon as there is a product picture, it will try to insert an ad for the couch you’re currently looking at. Research shows that it’s being pre-installed since at least September 2014, where a forums post about Superfish appeared.

    Now you could think that you’re not affected because most of the shopping sites you’re visiting are already behind a HTTPS connection. That’s why this great piece of software also installs a root certificate in your windows certificate store!

    But hey, if that didn’t catch your attention yet: The pre-installed certificate is the exact same on all systems as it seems. And so is obviously the private key, which seems to be part of the Superfish software as well. What it means? Well, you can just issue certificates and computers having the Superfish software installed will recognize them as valid.

    Lenovo - for those who do.



  • Site to check if this affects you: https://filippo.io/Badfish/

    Sources:
    http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/
    http://www.bbc.com/news/technology-31533028
    https://infected.io/120/lenovos-superfish-security-nightmare

    Quote [infected.io]:

    Lenovo is a known brand for its business notebooks. Chris Palmer, a developer working for Google on Chrome, discovered that Lenovo delivers notebooks with the adware “Superfish” pre-installed. Even though that’s bad enough already, the adware also tries to insert advertisements based on images (“Visual Search”) of a couch for example. So if you’re looking for a new couch on the internet, as soon as there is a product picture, it will try to insert an ad for the couch you’re currently looking at. Research shows that it’s being pre-installed since at least September 2014, where a forums post about Superfish appeared.

    Now you could think that you’re not affected because most of the shopping sites you’re visiting are already behind a HTTPS connection. That’s why this great piece of software also installs a root certificate in your windows certificate store!

    But hey, if that didn’t catch your attention yet: The pre-installed certificate is the exact same on all systems as it seems. And so is obviously the private key, which seems to be part of the Superfish software as well. What it means? Well, you can just issue certificates and computers having the Superfish software installed will recognize them as valid.

    Lenovo - for those who do.



  • good thing i didn’t let /g/ decide what laptop i should get!



  • @Dent:

    good thing i didn’t let /g/ decide what laptop i should get!

    No one there runs Windows


Log in to reply
 

5
Online

10974
Users

15257
Topics

297315
Posts

Looks like your connection to NoXiousNet was lost, please wait while we try to reconnect.