Lenovo apologizes for pre-loaded insecure adware "Superfish"
Lenovo, the world's largest PC manufacturer, has apologized for security flaws in the malware they pre-install on consumer laptops, and attempted to issue instructions on how to fix a flaw that fatally compromised user security. The company was forced to issue a second set of instructions after security experts said that following its first set would do nothing to patch up the security holes the adware created. But even the second set is "incomplete", according to researchers, and leaves users of the popular Firefox browser vulnerable.
Sadly, while apologizing for the security hole the software opens up, they are standing by their pre-installed malware, saying "this tool was to help enhance our users' shopping experience". The software bombarded affected users with pop-up adverts and injected more ads into Google searches. Security experts say it also left a gaping security hole on every computer, in the form of a self-signed root certificate. That certificate was used by the software to inject adverts even into encrypted websites, but its presence has the side-effect of making affected Lenovo computers trivially easy to hack with a "man in the middle" (MITM) attack, in which a hacker uses the certificate to pretend to be a trusted website, such as a bank or e-commerce site. The "man in the middle" can then steal information passed over the internet, even while the user believes they are safely browsing with encryption turned on. Filippo Valsorda, who created the Badfish tool for determining if a computer is affected by the software, has offered instructions for how to remove it from Firefox as well.
"Description: tools to wipe files, free disk space, swap and memory
Even if you overwrite a file 10+ times, it can still be recovered. This
package contains tools to securely wipe data from files, free disk space,
swap and memory."
Once DBAN was recommended by many, but it appears to have been snatched up
by a company and depending on many factors, including whether or not the
company involved is located in the US, I'm sure it's been hobbled by now.
I would not trust DBAN.
I would not trust other Windows wiping tools for many reasons: one, because
you'd be using Windows; two, I've heard of these programs being modified by
malware after installation and rendered useless. They will go through the
motions but not wipe everything or in some instances, wipe nothing!
Use 'hexdump -C drivenameyouwiped | less' following the wiping using
secure-delete.
You can also use the 'dd' command to add additional wipes if you're
paranoid.
Before you feel your job is done, I'll just leave this here
for your consideration:
---DCO and HPA (Host Protected Area of HDDs)---------
http://en.wikipedia.org/wiki/Host_protected_area
http://www.forensicswiki.org/wiki/DCO_and_HPA
http://hddguru.com/software/2005.10.02-MHDD/
http://hddguru.com/software/2006.01.20-Hitachi-Drive-Feature-Tool/
http://hddguru.com/software/2007.07.20-HDD-Capacity-Restore-Tool/
http://www.itsecure.at/hparemove-v0-2/
http://www.sleuthkit.org/informer/sleuthkit-informer-17.html#hpa
-----------------------------------------------------
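
As an added example (not part of the original post; the function names are hypothetical and the image file is constructed), the script below automates the hexdump check for the case where the last pass was zeros written with dd: it counts leftover non-zero bytes and reports the offset of the first one. It assumes GNU cmp, and it only sees what the operating system exposes, so HPA and DCO regions are not covered.

```shell
#!/bin/sh
# Added example: verify that a target given a final all-zero pass really
# contains nothing but zero bytes. Assumes GNU cmp (-n option).

# Size in bytes. wc -c is fine for image files; for a real block device
# use `blockdev --getsize64 /dev/sdX` instead.
target_size() { wc -c < "$1" | tr -d ' '; }

# Number of non-zero bytes left on the target (0 means fully zeroed).
residue_bytes() { tr -d '\000' < "$1" | wc -c | tr -d ' '; }

# 0-based offset of the first non-zero byte, or "clean" if there is none.
first_residue() {
    out=$(LC_ALL=C cmp -n "$(target_size "$1")" "$1" /dev/zero 2>/dev/null) \
        && { echo clean; return 0; }
    # cmp prints "<a> <b> differ: byte N, line M" with N counted from 1.
    byte=$(printf '%s\n' "$out" |
        sed -n 's/.*differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    [ -n "$byte" ] || { echo "cmp failed on $1" >&2; return 2; }
    echo $((byte - 1))
}

# Constructed demo: a 64 KiB "disk" on which a wipe skipped some data.
img=$(mktemp)
dd if=/dev/zero of="$img" bs=4096 count=16 2>/dev/null
printf 'account=alice' | dd of="$img" bs=1 seek=8192 conv=notrunc 2>/dev/null
echo "after bad wipe: $(residue_bytes "$img") non-zero bytes," \
     "first at offset $(first_residue "$img")"

# One more zero pass with dd, then check again.
dd if=/dev/zero of="$img" bs=4096 count=16 conv=notrunc 2>/dev/null
echo "after dd pass:  $(first_residue "$img")"
rm -f "$img"
```

If the last pass wrote random data instead of zeros, this check will report residue everywhere and does not apply.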