Jump to content

Nominations for Tractor of the Month
Garden Tractors and Parts on eBay



Photo
- - - - -

For those of you who have Lenovo computers


  • Please log in to reply
3 replies to this topic

#1 HDWildBill OFFLINE  

HDWildBill

    Freedom is not Free. Thank those in uniform for your freedom.

  • Senior Member
  • -GTt Supporter-
  • Contributor
  • Member No: 6354
  • 8,705 Thanks
  • 8,559 posts
  • Location: Ga

Posted February 20, 2015 - 11:55 AM

It seems that Lenovo has installed adware called Superfish on their computers.  According to the article the is so poorly written that all kinds of hackers can access the certificate and redirect the user to dubious sites.  Looks like Lenovo has joined Sony on my cannot trust list.

 

Quote From the Register Article:

 

Security experts are warning that the Superfish code is so badly designed that it is easy to extract the private key to its root CA certificate. This private key can be used to generate SSL certificates that a nefarious website can use to masquerade as a legit site.

For example, if you're a bad person working in a cafe with control over its public Wi-Fi, and you see an affected Lenovo user join your network, you can attempt to redirect their connection to an online bank to your own password-stealing server. Your server can use a rogue SSL certificate generated from Superfish's leaked private key to masquerade as the bank's dotcom. The Superfish root CA certificate on the laptop tells the browser to trust the dodgy connection – and user will be none the wiser (unless they inspect the SSL session, which no one does).

 

Read the whole article here.

 


  • ducky, wvbuzzmaster, KennyP and 6 others have said thanks

#2 wvbuzzmaster OFFLINE  

wvbuzzmaster

    Squeaky Wheel

  • Senior Member
  • -GTt Supporter-
  • Contributor
  • Member No: 1792
  • 4,492 Thanks
  • 7,341 posts
  • Location: West Virginia

Posted February 20, 2015 - 07:50 PM

Thanks. I assume this only affects ne Lenovos, not my older one.

#3 ducky OFFLINE  

ducky

    Senior Member

  • Senior Member
  • -GTt Supporter-
  • Contributor
  • Member No: 564
  • 1,629 Thanks
  • 3,869 posts
  • Location: Freedom, WI

Posted February 20, 2015 - 08:19 PM

I heard about that on the news today.  Sound like Lenovo has disabled the software.

Disabled??????????????

That would make me shut it off and toss it.



#4 HDWildBill OFFLINE  

HDWildBill

    Freedom is not Free. Thank those in uniform for your freedom.

  • Senior Member
  • -GTt Supporter-
  • Contributor
  • Member No: 6354
  • 8,705 Thanks
  • 8,559 posts
  • Location: Ga

Posted February 20, 2015 - 08:26 PM

Thanks. I assume this only affects ne Lenovos, not my older one.

There were model number in the article that this affected.

 

 

I heard about that on the news today.  Sound like Lenovo has disabled the software.

Disabled??????????????

That would make me shut it off and toss it.

 

The user has to physically use a software tool to shut it down and remove it.

 

Another little interesting twist to this story is the Fed's and what they will do in light of Obama's hacking push.






Top