Login

LynnInDenver · 02-20-2015, 03:54 AM

If you did, clear the certificates and Superfish software, and then change 100% of your passwords, immediately.
http://arstechnica.com/security/2015/02 ... nnections/
--

"You know how parents tell you everything's going to fine, but you know they're lying to make you feel better? Everything's going to be fine." - The Doctor

Dartz · 02-20-2015, 04:07 AM

With Samsung selling Telescreens to a rabid public, where is a man to go to stay hidden these days?
________________________________
--m(^0^)m-- Wot, no sig?

LynnInDenver · 02-20-2015, 05:25 AM

And.... it gets worse.
--

"You know how parents tell you everything's going to fine, but you know they're lying to make you feel better? Everything's going to be fine." - The Doctor

LilFluff · 02-20-2015, 08:28 AM

I'd hate to be a Lenovo executive or anyone involved in doing this right now. China's already been annoyed by some countries *cough*the US*cough* suggesting that Huawei and other Chinese electronics companies should be banned from government purchasing contracts and from use by major contractors due to spying concerns. And now Lenovo, a Chinese company, goes and pulls a move this boneheaded. I would not be surprised if the Chinese authorities decided examples should be made.
-----

Will the transhumanist future have catgirls? Does Japan still exist? Well, there is your answer.

ordnance11 · 02-21-2015, 02:54 AM

I smell conspiracy.
__________________
Into terror!, Into valour!
Charge ahead! No! Never turn
Yes, it's into the fire we fly
And the devil will burn!
- Scarlett Pimpernell

**Labster** · 02-21-2015, 09:06 AM

JFerio Wrote:And.... it gets worse.

Actually, the situation managed to get even worse. Now you can pretend to be $bank with a self-signed cert, no cracking necessary. We have now crossed the line from major security flaw to catastrophuck.
-- ∇×V

LynnInDenver · 02-21-2015, 04:37 PM

I think if we do anything at THIS point, is thank Lenovo for at least making it a situation that became visible sooner, rather than later.

Still... there should be heads rolling.

Since it can be tested for... I think banking sites should start doing so, and throwing warnings at people about their browsers being compromised. This is superbad. This might well be as bad as Heartbleed and Shellshock, if not worse.

BTW, searching for "komodia products" (because I need to know what to avoid), the first TWO results are about the horrible security nightmare they've created. The third is their product page. I suspect their PR nightmare has only just begun.

Still leaving Lenova in my "never buy" list, though.
--

"You know how parents tell you everything's going to fine, but you know they're lying to make you feel better? Everything's going to be fine." - The Doctor

**M Fnord** · 02-21-2015, 10:05 PM

Speaking of tests, if you've got a recent Lenovo product and/or are really paranoid, go here to see if you've got any Superfish bullshit on your system.
Mr. Fnord interdimensional man of mystery

FenWiki - Your One-Stop Shop for Fenspace Information

"I. Drink. Your. NERDRAGE!"

Black Aeronaut · 02-23-2015, 10:38 AM

The shitstorm worsens.

http://arstechnica.com/security/2015/02 ... more-apps/

At this point, I don't think many people are safe. Better check your machines, regardless. I've already checked mine out. I'm clean, thank God.

**robkelk** · 02-23-2015, 06:41 PM

We've known since POODLE that SSL is broken beyond repair.

From http://www.us-cert.gov/ncas/alerts/TA14-290A

United States Computer Emergency Readiness Team Wrote:There is currently no fix for the vulnerability SSL 3.0 itself, as the issue is fundamental to the protocol

Don't use SSL.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012

Login
Username:
Password:	Lost Password?
	Remember me