Lenovo caught installing adware on new computers

Discussion in 'malware problems & news' started by SweX, Feb 19, 2015.

  1. chachazz

    chachazz Updates Team

    Joined:
    Apr 23, 2004
    Posts:
    841

    Last edited by a moderator: Feb 24, 2015
  2. chachazz

    chachazz Updates Team

    Joined:
    Apr 23, 2004
    Posts:
    841
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I'm wondering whether there are similar vulnerabilities in MitM-based enterprise monitoring systems.
     
  4. guest

    guest Guest

    And the result is still no. :cool:
     
    Last edited by a moderator: Feb 23, 2015
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,621
    Location:
    DC Metro Area
    Still stunned by this face-palmingly stoopid business decision - it's beyond my comprehension.

    Wondering if they thought it would never be discovered.

    A five-star rated self-smear.
     
  6. 142395

    142395 Guest

    Ofc that depends on each enterprise, but maybe many of them would have at least 1 or 2 problems. (just a guess)
     
  7. 142395

    142395 Guest

    Thanks! I was not impressed by the Comodo staff's reply to Sanya at all. Does he think Sanya and all the other lurkers don't understand the TLS thing? I can't help but say his replies are almost a joke!
    And these are their quite defensive excuses.
    Although the Privdog issue itself is bad, I lost more trust because of their attitude. :thumbd:
     
  8. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Last edited: Feb 24, 2015
  9. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    The *LOL-Lenovo* debacle continues -
    http://www.cbc.ca/news/technology/superfish-adware-frenzy-over-lenovo-betrayal-of-trust-1.2968640
     
  10. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Apparently having Firefox browser would have prevented this problem for many people. Correct? Using Firefox or a similar browser could prevent this problem from happening in the future. Using a browser that does not allow this vulnerability would be a way to help avoid this problem from happening in the future for people who actually install new programs from time to time. No?

    Anyway, back to the original question: does Pale Moon offer the same protection?
     
  11. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    What is Superfish and does ESET protect me from it?
    KB Solution ID: SOLN3663 | Last Revised: February 24, 2015
    For more information, please see ESET Solution Article SOLN3663
    http://kb.eset.com/esetkb/index?page=content&id=SOLN3663
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    121,003
    Location:
    Texas
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,552
    Location:
    Outer space
    If the EFF found tens of thousands of Superfish MitM certificates in the SSL Observatory, why didn't HTTPS Everywhere warn before?


    https://www.eff.org/deeplinks/2015/02/further-evidence-lenovo-breaking-https-security-its-laptops

    https://www.eff.org/deeplinks/2015/...top-trying-intercept-your-customers-encrypted
     
  14. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,413
    Location:
    Triassic
    I assume that anyone with a Lenovo system that has been infected with Superfish needs to do a lot more than just remove Visual Discovery and delete the root certificate for Superfish in Windows and FF. What about user backups? What about the Lenovo Recovery partition with the factory OEM install on it? Also, if I remember correctly, Lenovo recommends that you create a system recovery CD/DVD of the bare bones OEM OS (I think you are allowed to only do this once). I have read that Lenovo users are insisting that there is no opt-out option on the OEM OS for VD and that Superfish is shown running in the task manager.
     
  15. 142395

    142395 Guest

    One can't enable the "check certificates that are signed by non-standard root CAs" option when they use those MITM proxies, so does this have something to do with there being no alert? Anyway, if they detected a potential MITM, they should warn the user.
     
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,552
    Location:
    Outer space
    I guess I just assumed that behaviour was default, since they apparently collect that information.
    Agreed.
     
  17. 142395

    142395 Guest

    I spoke too soon, it seems that setting is OFF by default.
    So it won't warn the user when a local program like Superfish or Kaspersky MITMs traffic.
    While this is good for those who want to use such a program or who are in a controlled corporate network, it also means they're not protected from this kind of MITM.

    But they could find "certificates that Komodia should have rejected, but which it ended up causing browsers to accept" from the Observatory, so maybe they should add an option so that even if that setting is not checked, HTTPS-EW still warns the user about a potentially dangerous cert. It would complement those MITM proxies' weakness, though basically strict cert checking should be done by the MITM proxy itself.
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,552
    Location:
    Outer space
    Zemana's protection does not work for Firefox, it has its own certificate store.
     
  19. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,552
    Location:
    Outer space
    Yes, that would be nice.
     
  20. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Issues fix to remove crapware's certificate from the browser's repository
    http://www.computerworld.com/article/2890404/mozilla-scrubs-superfish-certificate-from-firefox.html
     
  21. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Connecticut Attorney General's office launches Lenovo-Superfish probe
    The Corporate crapware bundling fiasco that keeps on ticking like the Every Ready Space Bunny.

    http://www.computerworld.com/article/2889928/conn-ag-launches-lenovo-superfish-crapware-probe.html
     
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,621
    Location:
    DC Metro Area
    "Lenovo.com was hijacked and email communications were intercepted by hackers just days after the company admitted to installing dangerous adware on many of its computers before shipping them to unsuspecting customers.

    “Unfortunately, Lenovo has been the victim of a cyber-attack. One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects,” the company said in a statement to Ars Technica."

    http://www.hotforsecurity.com/blog/...ack-on-lenovo-after-adware-scandal-11517.html
     
  23. 142395

    142395 Guest

    I'm not sure what protection you're talking about, and why you think Firefox protects against this even in the future. Am I missing something?
    Firefox is also affected by Superfish, so they released a hotfix, and AFAIK there's no advantage Firefox has against this type of vuln except that it uses its own cert store, which is actually not much of an advantage.
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I thought that Superfish couldn't add its fake cert to Firefox cert store.
     
  25. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618