Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLaptops and mobile computersLenovo laptops loaded with Superfish malware
freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#165761 19-Feb-2015 20:02
Send private message

It seems Lenovo laptops are being loaded with Superfish malware out of the factory.

The malware installs a SSL certificate and acts as a proxy, in effect doing a MITM attack to decrypt any encrypted pages (such as search engines) and analyze pages to add their own advertising and popups.

If you like your privacy and security...




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
Dynamic
3866 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1242548 19-Feb-2015 20:07
Send private message

One of my suppliers has been encouraging me to start quoting Lenovo desktops for clients, and I was wavering a bit.  I'm not considering it any more (even though this issue is supposedly only on consumer machines).  This tells me a lot about the ATTITUDE of a company.




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management.  A great Kiwi company.



freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1242572 19-Feb-2015 20:52
Send private message

Certainly not looking good.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

mattwnz
20141 posts

Uber Geek


  #1242583 19-Feb-2015 20:57
Send private message

Wow if true.



Dairyxox
1594 posts

Uber Geek


  #1242605 19-Feb-2015 21:19
Send private message

Shocking but not entirely dissimilar to malware on all major brands hard drives exposed recently...

Kaspersky's reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.


Russian researchers expose breakthrough U.S. spying program

How many of these were brought for corporate use.
This certainly lessens my opinion of Lenovo that's for sure.

gzt

gzt
17104 posts

Uber Geek

Lifetime subscriber

  #1242610 19-Feb-2015 21:23
Send private message

freitasm: It seems Lenovo laptops are being loaded with Superfish malware out of the factory.

The malware installs a SSL certificate and acts as a proxy, in effect doing a MITM attack to decrypt any encrypted pages (such as search engines) and analyze pages to add their own advertising and popups.

If you like your privacy and security...

Not good. They will regret that for a long time.

gzt

gzt
17104 posts

Uber Geek

Lifetime subscriber

  #1242655 19-Feb-2015 22:01
Send private message

Dairyxox: Shocking but not entirely dissimilar to malware on all major brands hard drives exposed recently...

Kaspersky's reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.


Russian researchers expose breakthrough U.S. spying program

How many of these were brought for corporate use.
This certainly lessens my opinion of Lenovo that's for sure.

Yes, this is entirely dissimilar.

Dairyxox
1594 posts

Uber Geek


  #1242667 19-Feb-2015 22:14
Send private message

There are several similarities.

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
raytaylor
4014 posts

Uber Geek

Trusted

  #1242696 19-Feb-2015 23:46
Send private message

Is this just a mistake, a rogue staffer, or a marketing department decision f* up?

I hope its not the latter.

And we see one of these stories each year - with malware on usb sticks given out as corporate promos, or pre-installed ona  tablet etc

usually a rogue staffer is assigned as the scapegoat and the company puts out a statement that it was the factory that screwed up, they take privacy seriously, someone has been fired, bla bla bla




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

Batman
Mad Scientist
29760 posts

Uber Geek

Trusted
Lifetime subscriber

  #1242700 19-Feb-2015 23:55
Send private message

and when exactly did it start?

gzt

gzt
17104 posts

Uber Geek

Lifetime subscriber

  #1242702 19-Feb-2015 23:58
Send private message

Dairyxox: There are several similarities.

Probably not so much it should be confused in the same thread, but here we go ; )

http://www.theregister.co.uk/2015/02/17/kaspersky_labs_equation_group/
http://mobile.eweek.com/security/equation-group-spyware-poses-threats-far-beyond-its-original-purpose.html

Kaspersky discovered that one. There is no indication their product will detect it, anyone know differnet?

surfisup1000
5288 posts

Uber Geek


  #1242704 20-Feb-2015 00:01
Send private message

This is a chinese government scheme to mine and steal data. 

Huawei are doing the same with every chip designed to sniff data packets. 


The conspiracy theorist in me :)


I am planning on buying the new x1 with the sm951 ssd , at such time they come on sale. 

gzt

gzt
17104 posts

Uber Geek

Lifetime subscriber

  #1242708 20-Feb-2015 00:08
Send private message

raytaylor: Is this just a mistake, a rogue staffer, or a marketing department decision f* up?

I hope its not the latter.

And we see one of these stories each year - with malware on usb sticks given out as corporate promos, or pre-installed ona  tablet etc

usually a rogue staffer is assigned as the scapegoat and the company puts out a statement that it was the factory that screwed up, they take privacy seriously, someone has been fired, bla bla bla

I think its pretty simple. Manufacturers just assume the parties offering them money to preload (ie; bloat) the system are not (a) evil or (b) stupid and get a contract signed to that effect. But no actual security auditing. That would be expensive.

But probably this requirement is about to be added. ; )

khull
1245 posts

Uber Geek


  #1242725 20-Feb-2015 00:57
Send private message

i stopped buying PCs the day a brand new HP netbook came with both Norton and McAffee installed. Not sure how they managed that in their deployment image.

These days for any brand new PC I help set up for friends/family, first thing I do is a clean install

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1242965 20-Feb-2015 11:57
Send private message

Lenovo just managed to make the web unsafe for a lot more people, not only their customers: Superfish Security Certificate Password Cracked.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1242969 20-Feb-2015 11:58
Send private message

And now a CERT Vulnerability Note on Komodia interceptor.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

 1 | 2 | 3
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright