
Panich52

(5,829 posts)
Sun Feb 22, 2015, 12:25 AM

Lenovo Laptops Come Pre-Installed With Giant Security Hole – Consumerist

Lenovo Laptops Come Pre-Installed With Giant Security Hole
By Kate Cox February 19, 2015


It’s not uncommon for a new PC to come with some pre-installed crap on it you don’t want. From proprietary hard drive management tools to antivirus trials, software bundling is sadly common. But the junk shipping on new Lenovo laptops goes one troublesome step further: the bloatware present on several models is not only annoying, but dangerous, with a vulnerability that could let someone easily access users’ private, nominally secure data.

The program is called Superfish. As Ars Technica explains, it’s meant to be “just” adware, scanning what you do and where you go and inserting advertisements while you do it. That, by itself, is pernicious and problematic enough. But the program also operates in such a way that any wandering third party with an eye for mischief could easily sneak in and steal your info.

For example, let’s say you want to do some online banking. Ordinarily you type in your bank’s URL and get an encrypted connection to it — that https that leads off the address bar. Your computer and your bank’s site then talk to each other. The bank site shows a security certificate saying, “Hey, I’m legit!” Your computer agrees that the bank is legit, the site loads, and you log in and carry on with your business.

But with Superfish installed, there’s a new link in that chain. You go to the bank’s website. Instead of the bank saying to your computer, “Hey, here’s my security certificate,” Superfish says to your computer, “Oh, no, it’s cool, the bank totally showed me its certificate. Totes legit. Here, take mine instead!”

As the saying goes, a chain is only as strong as its weakest link. And Superfish has a major weakness indeed: that fake security certificate is always the same, on every Lenovo computer. So if an info thief created a fake HTTPS site using Superfish’s credentials to siphon off personal data from every user that visited it, Superfish would pass it right on through as legitimate.

More
http://consumerist.com/2015/02/19/lenovo-laptops-come-pre-installed-with-giant-security-hole/

..
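Added example, not part of the original post or the quoted article: a Python check for the certificate swap the article describes, which flags any issuer that has replaced the expected one on several unrelated HTTPS sites at once. The host names, CA names, the `BASELINE` map (issuers recorded from a known-clean machine) and the "Superfish" issuer string are constructed sample values; `fetch_cert` is the live collector and is not called on the sample data.

```python
import socket
import ssl
from collections import defaultdict

def issuer_org(cert):
    """Issuer organizationName (else commonName) from an ssl getpeercert() dict."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return fields.get("organizationName") or fields.get("commonName") or "<unknown>"

def fetch_cert(host, port=443, timeout=5):
    """Live collection: the certificate this machine's trust store accepted for host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def find_interceptors(observed, baseline, min_hosts=2):
    """Return {issuer: [hosts]} for issuers that replaced the baseline issuer
    on at least min_hosts hosts. One changed host alone is treated as an
    ordinary CA change by that site, not as interception."""
    swapped = defaultdict(list)
    for host, cert in observed.items():
        seen = issuer_org(cert)
        if host in baseline and seen != baseline[host]:
            swapped[seen].append(host)
    return {iss: sorted(hosts) for iss, hosts in swapped.items()
            if len(hosts) >= min_hosts}

def _cert(org):
    """Constructed sample certificate in the shape getpeercert() returns."""
    return {"issuer": ((("countryName", "US"),), (("organizationName", org),))}

# Constructed data: issuers seen from a known-clean machine (assumption).
BASELINE = {
    "bank.example": "Example Trust CA",
    "mail.example": "Other Public CA",
    "shop.example": "Example Trust CA",
}
OBSERVED_CLEAN = {host: _cert(org) for host, org in BASELINE.items()}
# Constructed data: every site now appears to be signed by the same local issuer.
OBSERVED_PROXIED = {host: _cert("Superfish") for host in BASELINE}

if __name__ == "__main__":
    print(find_interceptors(OBSERVED_PROXIED, BASELINE))
```

To run it against a real machine, build `observed` with `{h: fetch_cert(h) for h in BASELINE}` using a baseline recorded elsewhere.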


arcane1

(38,613 posts)
1. Even without the security issue, this is a despicable thing to do. It's bad enough that websites do.
Sun Feb 22, 2015, 12:27 AM

Though I fear this is the Future: no way to escape from targeted advertising

Recursion

(56,582 posts)
3. Always, always, always do a clean install of a new computer
Sun Feb 22, 2015, 12:32 AM

Preferably with Linux or BSD, but failing that, with a clean Windows disk (the product key should be on a sticker on your computer).

 

betterdemsonly

(1,967 posts)
4. This is unfortunate because ibm/lenovo has traditionally been the preferred laptop for those who
Sun Feb 22, 2015, 12:32 AM

want quality but can't afford a Mac.

CaliforniaPeggy

(149,641 posts)
6. I wonder how long Lenovo has been doing this.
Sun Feb 22, 2015, 12:34 AM

I bought a Windows 7 online from Lenovo several years ago, and my computer guy installed my stuff from my hard disk onto it.

He didn't mention the Superfish. So I don't know if my machine came with it or not.

 

betterdemsonly

(1,967 posts)
7. You shouldn't have to worry. These are Win8 ultrabook lenovos like the Yoga. n/t
Sun Feb 22, 2015, 12:42 AM

Last edited Sun Feb 22, 2015, 02:25 AM - Edit history (1)

Initech

(100,081 posts)
10. First thing I do when buying any laptop: remove all preinstalled software.
Sun Feb 22, 2015, 02:27 PM

And I will never buy any desktop that I can't build myself. No bloatware, no problem.
