GeekNights Monday - Never Trust Lenovo Again

Tonight on GeekNights, we discuss Lenovo's egregious violation of trust in bundling ad-inserting SSL-attacking malware with their computers. The malware included a SuperFish self-signed SSL certificate allowing straight-up man-in-the-middle attacks, complete with the now-known password "komodia". Even better, "komodia" is an obvious reference to the Komodia Redirector Framework, a ready-made SSL manipulation tool. EVEN BETTER, the Komodia site is now down under the load (and a claimed DDoS). The US Department of Homeland Security has gotten involved, at least one lawsuit has begun against Lenovo, and companies like Microsoft and McAfee have added SuperFish to their antivirus software. We humbly suggest that you never trust Lenovo hardware ever again.

In other news, Rym and Scott lost some money in a bad bet regarding Apple and OS X's Gatekeeper back in 2012, Waze is angering NIMBY Luddites by better utilizing public roads, and the US government moves a tiny step closer to actually doing something resembling the right thing regarding Net Neutrality.

Comments

  • edited February 2015
    MrPeriod said:
    I think I'm gonna feed that into an SSTV decoder just to see what happens.
    Edit: Predictably: Rainbow barf. At least under Robot, AVT, Scottie, and Martin encoding. Under B/W 8 it was slightly prettier grayscale barf.
    Post edited by Victor Frost on
  • edited February 2015
    Matt said:

    Gobots.

    Thank you.

    https://en.wikipedia.org/wiki/GoBots:_Battle_of_the_Rock_Lords

    EDIT: I have the blue guy.

    image
    Post edited by Apreche on
  • FUCK, I just realized that Lenovo owns Motorola now! FUCKING FUCK! I had finally found a phone company I liked.
  • If you are not wiping your laptop off when you buy it and reloading Windows immediately you are doing it wrong anyway.
  • Cremlian said:

    If you are not wiping your laptop off when you buy it and reloading Windows immediately you are doing it wrong anyway.

    More so with Win 8.1 that makes it stupidly easy to do.
  • Cremlian said:

    If you are not wiping your laptop off when you buy it and reloading Windows immediately you are doing it wrong anyway.

    For most people, that's difficult. They often have weird drivers that need to be installed, and you need to have clean installation media to begin with. That already puts it beyond the grasp of most people who will ever own a laptop.

  • FUCK, I just realized that Lenovo owns Motorola now! FUCKING FUCK! I had finally found a phone company I liked.

    I will never buy a Motorola phone again either.

    Check this out (from last year):
    http://www.pcworld.com/article/2104760/preinstalled-malware-turns-up-on-new-phones.html

    Fake Netflix app spying on people.
    Marble Security found the fake Netflix app on six devices from Samsung Electronics: the GT-N8013 Galaxy Note tablet, the SGH-1727 Galaxy S III phone, the SCH-1605 Galaxy Note 2 phone, the SGH-1337 Galaxy S4 phone, the SGH-1747 Galaxy S III phone and the SCH-1545 Galaxy S4 phone.
    Samsung immediately said it wasn't them and denounced the whole thing.
    Samsung spokeswoman Jessica Baker said in an email that “if there is a fake Netflix app on the devices, it is something that was not preloaded by Samsung or U.S. carrier partners.”
    Motorola was also hit:
    The fake app was also found on three Motorola Mobility devices, the Droid Razr, Droid 4 and Droid Bionic;
    They declined to comment....

    Samsung openly denied they installed this shit. Motorola refused to say anything.


  • I think I'm going back to hacking my phone and installing cyanogenmod. Shit just can't be trusted anymore.
  • I think I'm going back to hacking my phone and installing cyanogenmod. Shit just can't be trusted anymore.

    How do you know the firmware isn't compromised?

  • Rym said:

    I think I'm going back to hacking my phone and installing cyanogenmod. Shit just can't be trusted anymore.

    How do you know the firmware isn't compromised?

    How do you know the hardware isn't compromised?
  • Apreche said:

    Rym said:

    I think I'm going back to hacking my phone and installing cyanogenmod. Shit just can't be trusted anymore.

    How do you know the firmware isn't compromised?

    How do you know the hardware isn't compromised?
    AAAAAAAAAAA!

    In other news, check out my new cellphone.

    image
  • I think I still have one of those flip phones in my old phone drawer. Take the battery off and it is near the size of the Motorola Razr.
  • Memories.
    image
  • Rym said:

    I think I'm going back to hacking my phone and installing cyanogenmod. Shit just can't be trusted anymore.

    How do you know the firmware isn't compromised?
    I know you guys are being funny, but at some point I need to trust someone to write software that I simply can't.
  • Rym said:

    I think I'm going back to hacking my phone and installing cyanogenmod. Shit just can't be trusted anymore.

    How do you know the firmware isn't compromised?
    I know you guys are being funny, but at some point I need to trust someone to write software that I simply can't.
    I'm not really. I don't trust Lenovo's hardware to remain uncompromised, partly because of this clusterfuck, partly because of the shady interactions of the other people involved in this clusterfuck, and partly because they're a Chinese company...
  • Rym said:

    Rym said:

    I think I'm going back to hacking my phone and installing cyanogenmod. Shit just can't be trusted anymore.

    How do you know the firmware isn't compromised?
    I know you guys are being funny, but at some point I need to trust someone to write software that I simply can't.
    I'm not really. I don't trust Lenovo's hardware to remain uncompromised, partly because of this clusterfuck, partly because of the shady interactions of the other people involved in this clusterfuck, and partly because they're a Chinese company...
    Racist.
  • Apreche said:

    Rym said:

    Rym said:

    I think I'm going back to hacking my phone and installing cyanogenmod. Shit just can't be trusted anymore.

    How do you know the firmware isn't compromised?
    I know you guys are being funny, but at some point I need to trust someone to write software that I simply can't.
    I'm not really. I don't trust Lenovo's hardware to remain uncompromised, partly because of this clusterfuck, partly because of the shady interactions of the other people involved in this clusterfuck, and partly because they're a Chinese company...
    Racist.
    Nationalist, it's the same thing, but socially acceptable.
  • I still kind of want an older x200 something from a couple of years ago. That with a fresh install of Windows or Linux should be fine, right? I know you can say "do you trust the hardware?" but I don't want to get into Stallman territory.
  • edited February 2015

    I still kind of want an older x200 something from a couple of years ago. That with a fresh install of Windows or Linux should be fine, right? I know you can say "do you trust the hardware?" but I don't want to get into Stallman territory.

    Yes, it's perfectly reasonable to get an old laptop with a clean Windows install. If there are any drivers or thingies you need that you can't get from Windows update, you can get them from the Lenovo web site.

    http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x200?c=1

    The thing I discussed in the show is:

    Registry Patch to Disable AMT Profile Synchronization Pop-up for Windows 7 and Vista - ThinkPad
    Post edited by Apreche on
  • image

    Am I looking at the wrong Lenovo? Shouldn't it, uh, go down lots? I'm too scared to short anything IRL
  • If the news was something most humans could relate to/understand, something like "Lenovo is stealing your information!" then maybe. But this? This is tech people news.
  • Starfox said:

    image

    Am I looking at the wrong Lenovo? Shouldn't it, uh, go down lots? I'm too scared to short anything IRL

    No one gives a shit about this except governments and ultranerds. Lenovo will do just fine.

  • I'm sitting on a Lenovo AIO at work right this second. :-/
  • Maybe there are some regional differences for Dell XPS laptops, the only thing that wasn't stock was a Dell power profile inside the Windows power utility on the laptop I got from them last year.
    They offered to have a preinstalled McAfee but I declined.

    Does the US Dell put a load of crapware on their laptops?
  • FYI Lenovo did not load this software on its computers sold to business, unless your company bought it from Best Buy it probably doesn't have an issue.
  • Rym said:
    Can the same political will that pushed for Net Neutrality push to eliminate corruption?

    Answer: no. There are corporations who wanted net neutrality to oppose the other perhaps richer corporations who don't want it. There are not enough rich people opposing corruption. Also, it was one thing to push the FCC which takes public comment, and something else entirely to push Congress.