EvilZone
Hacking and Security => Hacking and Security => : Axon February 21, 2015, 10:59:03 PM
-
Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.
http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/
Rob Graham, CEO of security firm Errata Security, has cracked the cryptographic key encrypting the Superfish certificate. That means anyone can now use the private key to launch man-in-the-middle HTTPS attacks that won't be detected by machines that have the certificate installed.
http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOX5Ky57RqE
This is crazy, now we can't even trust the laptops manufacturers!! I wonder if other companies have done the same but are still not discovered.
Lesson learned: Do Not Trust The Chinese.
-
Well I wouldn't say the Chinese because that's just ignorant, but never trust anyone/anything works ok for me.
Remember Lenovo is pretty much the most linux friendly brand for laptops.
Maybe they did this to make people switch to linux? lol.
Nah probably just wanted the extra $$$.
Simple solution:
Always wipe and reinstall OS on any hardware you buy. Takes care of the OEM crapware and any other nasties like this MITM cert that may be in your machine.
-
This affects a lot of end users as Lenovo has some of the best bangs for your buck as far as pricing and specs you get. Ive owned a couple of Lonovos. Luckily for me, the first step I take when purchasing a laptop is wipe all the OEM crap, partition my hard drive the way I like it to be for dual boot and I install an ultimate version of winblowz anyways
-
Just hours before this news broke, I was reading up on how Lenovo was the "fastest growing PC company" or similar. What a shame, but it's funny that the article I previously mentioned was removed once the news broke. This was on a well-known news website.
-
Simple solution:
Always wipe and reinstall OS on any hardware you buy. Takes care of the OEM crapware and any other nasties like this MITM cert that may be in your machine.
That's like... the first thing you do after buying a laptop with an OS - I tell that to everyone who gives a new laptop to me that is ALREADY slowing down because of all the crapware on it haha!
And I buy laptops without an OS, they are cheaper, because you don't buy the license...