Slashdot Mirror


User: Khyber

Khyber's activity in the archive.

Stories
0
Comments
13,671
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,671

  1. Re:Only a partial removal? on Lenovo To Wipe Superfish Off PCs · · Score: 3, Insightful

    "Well Mozilla products are defective in this area IMHO. They should system certificate stores by default rather than their own."

    Nope. Having your own cert store protects you if the primary OS cert store gets fucked.

    My god it is like the lessons of granular security have just been totally forgotten, these days.

  2. Re:All the more reason... on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    Wrong. You can live hot-swap. This is a trick that has been around for ages for single-BIOS machines. You boot up with a known good BIOS, after the system has loaded up, while it's still live, you pull the good BIOS chip, insert the bricked one, run your firmware update. Did you even read the entirety of my original statement where this was specified?

  3. Re: One strike on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    Who needs the case? Also, nobody in this thread mentioned laptops specificaly.

    Also, we've got 3-D printing. Just print a shell. Plenty of stuff out there already made up for several nearly-standard laptop logic boards.

  4. Useless on Lenovo To Wipe Superfish Off PCs · · Score: 5, Informative

    I will guarantee you that this particular 'update' will only take care of the core OS infection. If you have FF, Opera, or Thunderbird, do not expect this to work. You're stuck fixing those programs and their cert stores on your own.

    I wouldn't trust Lenovo, anyways. They can't keep a story straight.

    First they say 'Between October and December' and then just a few lines later contradict themselves by saying they stopped in January.

    Then they further contradict their words by releasing a security advisory stating they stopped in February.

    We know this software has been on Lenovo laptops since June, at the least. So the Oct-Dec statement is a lie. Three straight lies in a row.

    Simply put, you cannot trust this company any longer. Their 'fix' is a lie, their statements are lies, and they're trying to save face to avoid the Federal hand of pain bearing down upon them.

  5. Re:"Lenovo Allegedly Installing "Superfish" Proxy. on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    "Well, it just so happens that when you install a nice, secure OS instead of the spyware that comes with your Lenovo product, you do not have to worry about this issue"

    Except this stuff can hit FF and Opera and Thunderbird, which don't use the OS's cert store. Which means FireFox on Linux and BSD can get fucked as well.

    And since this crapware is utilized as the base for many other programs, many of which have Linux ports, you can be rest-assured that there are quite likely infected Linux machines.

    Well, no surprise someone freely espousing OSS nonsense wouldn't have half a fucking clue what they're talking about.

  6. Re:Caught with their pants down. on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    Yup, lying sacks of shit. I caught them in their lie, too.

    They say they stopped this in December?

    Why does this say it stopped in January here in the official topic?

    Why does this updated "security advisory" state February as the actual stopping month?

    Lenovo is a lying sack of shit. We should start a change.org petition and tell the Gov't to bar Lenovo from all future USGov't contracts.

  7. Re:Nothing new. on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    " they SAY there is a removal script.

    does it do a complete job?"

    Not. Even. Close.

    You might clean out the cert store for Windows, but that does nothing if you have FF/Thunderbird or Opera installed. They have their own cert stores and those get infected, too. Lenovo won't touch those programs.

  8. Re:Revenge on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    "they would never get convicted on anything close to CFAA levels."

    The amount of 'negligence' this amounts to (hijacking EVERY type of traffic, including VPN) leaves them no room. They should've discovered this in a basic software audit. It took some random joe like 8-12 hours to crack this and make a program to sniff the traffic of EVERY computer with this stuff installed, and log the traffic.

  9. Re: One strike on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    Don't have the TIME?!?

    It takes like 15 minutes to build a system from base components if you're handy with a hex driver (for standoff installation) and a screwdriver for the rest of the system.

    It takes longer to cook a pot of rice.

  10. Re:One strike on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    "a decent, 7200 RPM, SSD"

    One of those terms does not belong. I'll leave it as an exercise to you as to which one.

  11. Re:Damn odd definition of running fast on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    It's been proven that in many cases emulating/virtualizing is much faster even in running software.

    But you probably are to young to remember when at one point and time WINE was giving games better Linux performance versus their native Windows version - upwards of a 10% increase in framerate.

  12. Re:I used to recommend IBM/Lenovo on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    I've had several shit runs with Toshiba recently. Let's see...

    Newer Toshiba - 64-bit system - dual core, Intel 965, HARD LIMIT TWO GIGS OF RAM.
    Older Toshiba - 32-bit system - dual core, Overclockable Intel 945 (and it stomps the shit out of the 965 once brought to the original design spec clock speed of 400MHz vs 166 MHz and does so with almost ZERO increase in thermals) and can have a maximum of 4GB of RAM.

    That's pretty shitty as far as I'm concerned. Thoughtless hardware limitations, newer hardware that's WEAKER than a prior-gen model FOR MORE CASH, and their DC jacks fucking SUCK (I've just hard-soldered the power adapters to the board to fix that problem.)

    Their batteries are equally shit, more prone to heat degradation even moreso than HP, and HP is the king of hot fucking laptops.

  13. Re:All the more reason... on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    "Yes, using the BIOS to flash the BIOS will definately remove any malware.

    Oh wait....."

    While you jest, this is how we used to fix broken BIOS - swap with a known good one that has had it's contents dumped, boot the machine, remove BIOS, insert briced BIOS chip, re-flash with the known good image ripped from the boot BIOS.

    In fact, that's how many systems operate today, as they come with a secondary backup BIOS.

  14. Something else to note on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    Since this thing tries to infect the Cert Store each browser utilizes, removing the stuff from the Windows Cert Store will not remove the stuff in Thunderbird, FF, or Opera. Those are still infected and vulnerable.

    Looks like a full DBAN zero-out format is the only way to go.

  15. Re:Yes where your degree is from matters on Carnegie-Mellon Sends Hundreds of Acceptance Letters By Mistake · · Score: 1

    Apparently you can't follow the conversation.

    Try reading at my first post and working your way down the thread, instead of assuming you know full-well what is being discussed. It's obvious you missed some critical stuff.

  16. I just caught Lenovo in a lie on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    http://imgur.com/H8459Z3,87zOr...

    Oh how quickly you changed your original statement from January to February.

    Good thing we can screencap and HTML-rip your entire site for the proof, Lenovo.

  17. Looks like not only Lenovo. on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    Still doesn't absolve Lenovo of failing to do proper audit/review.

    http://marcrogers.org/2015/02/...

    And *NOW* Lenovo is trying to CYA more by issuing a 'security advisry' for the software:

    http://support.lenovo.com/us/e...

  18. Re:Is javascript dangerous? on Jamie Oliver's Website Serving Malware · · Score: 1

    Chrome fails more than 50% of the time when it crashes on JS on anime sites I view. Whole browser locks up. Chrome can't even deliver a warning.

    Also, Chrome's default security sucks.

  19. Re:Nonsense. on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    You apparently don't know how to read.

    It injects into FF's store. Not the fucking OS.

    Re-read, comprehend, understand, then try your comment again.

  20. It's everything down to the ThinkPad line on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    https://forums.lenovo.com/t5/W...

    Registry entries are there even on laptops from 2011.

    So this has likely been in planning stages for years.

  21. Re:Computer Fraud and Abuse Act (CFAA) on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    Considering it's bypassing BANK security stuff as well as anything else using SSL...

    Well, the execs won't see jail time - they're in fucking China.

  22. Re:Nonsense. on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    "Really guys? This is on the Windows side"

    Nope, just tried using the injection code that the malware has for FireFox under Linux (Ubuntu) - it works and injects into FF's certificate store.

    Perhaps you should do some of the work yourself instead of spouting off nonsense.

  23. Re:Firefox immune to this shit on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    Correction: There might be code to inject into FF and Opera - https://twitter.com/supersat/s...

  24. Re:Did anyone bother to check this out? on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    Yea, and it's a big lie as there are forum posts in JUNE talking about this exact software.

    Do you bother to do investigation before jumping to a conclusion?

  25. Re:Another on the list on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    Lenovo is a Chinese company, now. Where the fuck have you been, in a cave?