DCSportbikes.net  
» Help Support .NET!
DCSportbikes Premier Membership for 25$ per year. Discounts! Click here for full information.

Now available in the .NET Shop:



Get your DCSBN Gear!
» Shoutbox
Sorry, only registered users have the ability to use our real-time shoutbox to chat with other members.

Register now, it's free!
» Online Users: 561
0 members and 561 guests
No Members online
Most users ever online was 4,519, September 2, 2015 at 03:26 AM.
Go Back   DCSportbikes.net > Non-Sportbike Forums > Non-Sportbike Chat

Reply
LinkBack Thread Tools
If You've Purchased A Lenovo PC, You'll Want to Read This
Unread
  (#1)
Your Ad Here
 
Heist's Avatar
 
Posts: 32,591
Join Date: August 25, 2008
Location: Washington, D.C.
If You've Purchased A Lenovo PC, You'll Want to Read This - February 19, 2015, 01:21 PM

When IBM sold its Thinkpad / PC Business to a Chinese company, with Chinese corporate espionage a prevailing problem along with the Chinese government's desire to peek into America's populace and keep tabs on habits and means, I felt it was only a matter of time before they tried some slip in some spyware bullshit - either on their own or with the tacit approval of the PROC government given how IBM's Thinkpad line was a business standard for many large corporations.

The doorway is just too tempting. This is not to say we don't engage in the same activity. Long been known that the CIA asks networking and communication equipment manufacturers who sell boxes oversees to install backdoors or not close off certain known exploits for them.

Looks like the jig is up on this one. I wonder if the Justice Department and Federal Trade Commission will pull Lenovo's chain on this?

============================
Lenovo has been installing insecure spyware and adware onto new consumer computers from the company that activates when taken out of the box for the first time.


The adware, named Superfish, is reportedly installed on a number of Lenovo’s consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user’s permission.

The Superfish certificate has been cracked, exposing Lenovo users to attack and appears to affect both Internet Explorer and Google Chrome on these Lenovo computers.

A Lenovo community administrator, Mark Hopkins, wrote in late January that the software would be temporarily removed from current systems after irate users complained of popups and other unwanted behavior:

We have temporarily removed Superfish from our consumer systems (only Consumer? Not Commercial?) until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.

Hopkins defended the adware, saying that it “helps users find and discover products visually” and “instantly analyzes images on the web and presents identical and similar product offers that may have lower prices.”

He also says that users can refuse the terms and conditions when setting up their laptop, which means the software will be disabled. It doesn’t sound that straight-forward, however:


Other users are reporting that the adware actually installs its own self-signed certificate authority which effectively allows the software to snoop on secure connections, like banking websites as pictured in action below.



This is a malicious technique commonly known as a man-in-the middle attack, where the certificate allows the software to decrypt secure requests, yet Lenovo appears to be shipping this software with some of its products out of the box.

If this is true — we’ve only seen screenshots so far — Superfish could be far more dangerous than just inserting advertising.

Superfish is identified by antivirus products as adware and advised to be removed. One user created a video that details how to remove the software manually, for those that are affected.

Even though Hopkins says the company has stopped installing the software on computers, it appears that’s only “temporary” until the company behind the software makes some tweaks to stop pop-ups.

Reports of Superfish being pre-loaded on Lenovo computers have appeared on forums as early as mid-2014.

If this is as widespread as it appears to be, the news is not good for Lenovo computer owners. If you own a Lenovo machine, let us know in the comments if you find the Superfish software on your machine.

We’ve contacted Lenovo for comment on the Superfish software and will update when we hear back.



“Any man who tries to be good all the time is bound to come to ruin among the great number who are not good. Hence a Prince who wants to keep his authority must learn how not to be good, and use that knowledge, or refrain from using it, as necessity requires”.

- Nicolo Machiavelli 1469-1527

  Facebook Page MySpace.com Page Send a message via AIM to  
Reply With Quote
Unread
  (#2)
SRWJTS Recruiter
 
ReasonableDoubt's Avatar
 
Posts: 2,416
Join Date: August 18, 2010
Location: Fairfax, VA
February 19, 2015, 02:08 PM

Not just Lenovo machines

How to Test Your PC for the New "Superfish" Security Vulnerability


"Remember you may love your bike but your bike doesn't love you and that bitch will kill you the first time you do her wrong."

MARRC Cornerworker
http://www.marrc.org/

2010 Triumph Daytona 675 SE
2006 Yamaha R6 - Anniversary Edition - SOLD
2005 Yamaha R6 - SOLD
2001 Yamaha YZF600R - SOLD
  Send a message via AIM to  
Reply With Quote
Unread
  (#3)
Im Always Down to Ride
 
bds120's Avatar
 
Posts: 2,865
Join Date: January 4, 2009
Location: Centreville
February 19, 2015, 03:36 PM

Hence again why I roll with Mac. Thanks okayh for the introduction I needed to Mac. Will be buying me the top of the line here soon.


Remember when sex was safe and motorcycles were dangerous?

Speed kills, ride a Yamaha!

MotorSport/PowerSport Auctions
  Send a message via AIM to  
Reply With Quote
Unread
  (#4)
Licensed Rider
 
Mallory's Avatar
 
Posts: 106
Join Date: December 8, 2014
Location: Hanover
February 19, 2015, 03:44 PM

Quote:
Originally Posted by bds120 View Post
Hence again why I roll with Mac. Thanks okayh for the introduction I needed to Mac. Will be buying me the top of the line here soon.
Because Apple never puts Spyware on their systems....
  Send a message via AIM to  
Reply With Quote
Unread
  (#5)
Derpetologist
 
Posts: 6,270
Join Date: September 7, 2010
February 19, 2015, 04:22 PM

On a related note: Not too long ago my dad picked up a Toshiba. The legalese it came with suggested the computer will collect user info and send it back to Toshiba. Not the Windows OS or some specific bloatware... the computer.


*Not intended to be a factual statement.
  Send a message via AIM to  
Reply With Quote
Unread
  (#6)
SRWJTS SGT-At-Arms
 
Fitz's Avatar
 
Posts: 17,473
Join Date: October 1, 2002
Location: King George, VA
February 19, 2015, 04:46 PM

Quote:
Originally Posted by Mallory View Post
Because Apple never puts Spyware on their systems....
If you're aware of Apple putting spyware on their systems, please let us know... because as far as I'm aware, there's no evidence of this.


-Fitz

2016 Harley Softail Slim S
2012 Harley Ultra Limited in Ultra Annoying Orange Sold!
2012 V-Strom 1000 Sold!
2009 Buell 1125R Sold!
2005 Superhawk Sold!
2001 Superhawk Abandoned!
1981 CB650C Destroyed!

Brace Yourselves... the cries of "It's too cold to ride" are coming...
  Send a message via AIM to  
Reply With Quote
Unread
  (#7)
Licensed Rider
 
Mallory's Avatar
 
Posts: 106
Join Date: December 8, 2014
Location: Hanover
February 19, 2015, 05:54 PM

Quote:
Originally Posted by Fitz View Post
If you're aware of Apple putting spyware on their systems, please let us know... because as far as I'm aware, there's no evidence of this.
Mostly referring to the iPhone storing your location history....
  Send a message via AIM to  
Reply With Quote
Unread
  (#8)
↓ dn ʎɐʍ sıɥʇ ↓
 
Dark's Avatar
 
Posts: 8,213
Join Date: March 10, 2008
February 19, 2015, 06:02 PM

Meh, it's ridiculous that they do this but I personally wipe every system I get in order to start with a fresh installation of Windows (not utilizing their pre built image).

It should be standard practice for those that are savvy.


-Ryan
  Send a message via AIM to  
Reply With Quote
Unread
  (#9)
Your Ad Here
 
Heist's Avatar
 
Posts: 32,591
Join Date: August 25, 2008
Location: Washington, D.C.
February 19, 2015, 06:15 PM

Quote:
Originally Posted by Mallory View Post
Mostly referring to the iPhone storing your location history....

If you enable location services, which is NOT enabled by default and every app instance that requires or wants access to it notifies you the first time you invoke the app which you can deny.

There's also a very clear status screen in the Setting's menu that shows every app that currently has access to Location data and allows you to disable it.



“Any man who tries to be good all the time is bound to come to ruin among the great number who are not good. Hence a Prince who wants to keep his authority must learn how not to be good, and use that knowledge, or refrain from using it, as necessity requires”.

- Nicolo Machiavelli 1469-1527

  Facebook Page MySpace.com Page Send a message via AIM to  
Reply With Quote
Unread
  (#10)
Im Always Down to Ride
 
bds120's Avatar
 
Posts: 2,865
Join Date: January 4, 2009
Location: Centreville
February 19, 2015, 06:59 PM

Quote:
Originally Posted by Dark View Post
Meh, it's ridiculous that they do this but I personally wipe every system I get in order to start with a fresh installation of Windows (not utilizing their pre built image).

It should be standard practice for those that are savvy.
yup...its so simple. I don't know why people don't do it.


Remember when sex was safe and motorcycles were dangerous?

Speed kills, ride a Yamaha!

MotorSport/PowerSport Auctions
  Send a message via AIM to  
Reply With Quote
Unread
  (#11)
SRWJTS SGT-At-Arms
 
Fitz's Avatar
 
Posts: 17,473
Join Date: October 1, 2002
Location: King George, VA
February 19, 2015, 07:23 PM

Quote:
Originally Posted by Mallory View Post
Mostly referring to the iPhone storing your location history....
So, mostly referring to something easily disabled, widely published, and enabled in permissions on a per-app basis?

Gotcha.

A LITTLE different than spywire preloaded on the device, with a third party cert shadily installed to allow the spyware to conduct MITM attacks.

And by "little", i mean "completely different, and not at all comparable"


-Fitz

2016 Harley Softail Slim S
2012 Harley Ultra Limited in Ultra Annoying Orange Sold!
2012 V-Strom 1000 Sold!
2009 Buell 1125R Sold!
2005 Superhawk Sold!
2001 Superhawk Abandoned!
1981 CB650C Destroyed!

Brace Yourselves... the cries of "It's too cold to ride" are coming...

Last edited by Fitz; February 19, 2015 at 07:26 PM..
  Send a message via AIM to  
Reply With Quote
Unread
  (#12)
Track Day addict
 
2blueyam's Avatar
 
Posts: 1,066
Join Date: January 20, 2012
Location: Alexandria
February 19, 2015, 07:33 PM

My Lenovo came back clean on the test links. Tried both IE and Chrome to be sure.


Dale - 2004 SV 650 track, 2003 R1 track, 2007 Tuono
  Send a message via AIM to  
Reply With Quote
Unread
  (#13)
RIP Jeff Vega
 
Speed3's Avatar
 
Posts: 2,259
Join Date: January 4, 2004
Location: Fredneck
February 19, 2015, 07:49 PM

Quote:
Originally Posted by bds120 View Post
yup...its so simple. I don't know why people don't do it.
Just bought one of these....I have zero idea how to do this, help lol
  Send a message via AIM to  
Reply With Quote
Unread
  (#14)
Licensed Rider
 
Mallory's Avatar
 
Posts: 106
Join Date: December 8, 2014
Location: Hanover
February 19, 2015, 09:26 PM

Quote:
Originally Posted by Heist View Post
If you enable location services, which is NOT enabled by default and every app instance that requires or wants access to it notifies you the first time you invoke the app which you can deny.

There's also a very clear status screen in the Setting's menu that shows every app that currently has access to Location data and allows you to disable it.
After the public outcry. ...


But I'm not saying that this is the same. This is WAY worse. But thinking that swapping to iOS will protect you from this type of sh!t just isn't good enough anymore. As Macs gain popularity, more exploits against them pop up. And as a whole the company had relied on not being a target as its first line of defense and isn't really much better off than Windows systems now that it isn't true.

I agree with Dark, no matter what you buy you're better off wiping it and starting from scratch. Too bad that's not a (non warranty voiding) option for mobile devices.
  Send a message via AIM to  
Reply With Quote
Unread
  (#15)
SRWJTS SGT-At-Arms
 
Fitz's Avatar
 
Posts: 17,473
Join Date: October 1, 2002
Location: King George, VA
February 19, 2015, 09:35 PM

Bleh , never mind.


-Fitz

2016 Harley Softail Slim S
2012 Harley Ultra Limited in Ultra Annoying Orange Sold!
2012 V-Strom 1000 Sold!
2009 Buell 1125R Sold!
2005 Superhawk Sold!
2001 Superhawk Abandoned!
1981 CB650C Destroyed!

Brace Yourselves... the cries of "It's too cold to ride" are coming...

Last edited by Fitz; February 19, 2015 at 09:39 PM..
  Send a message via AIM to  
Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Powered by vBadvanced CMPS v3.2.3


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0
vBulletin Skin developed by: vBStyles.com
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2002-2010 by DCSportbikes.net. DCSportbikes.net is owned by End of Time Studios, LLC.