by Dan Goodin from Ars Technica - All content on (#4E2E)
Assurances on the demise of the dangerous adware are (somewhat) exaggerated.
|
Story
Lenovo apologizes for pre-loaded insecure adware "Superfish"Similar News
by LXer from LinuxQuestions.org on (#49C7)
Published at LXer: Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser's trusted root store. The patch only removes the certificate if the...
from heise online News on (#3YXS)
Lenovo-Rechner sollen künftig nur noch mit den nötigsten Programmen ausgeliefert werden, verspricht der Hersteller. In der auf einigen Laptops vorinstallierten Adware Superfish wurde zuvor eine schwere Sicherheitslücke entdeckt.
|
by Peter Bright from Ars Technica - All content on (#3YVQ)
After its security disaster, company promises "cleaner, safer PCs."
|
by Mark Anderson from IEEE Spectrum on (#3WK2)
Proposed exemptions to the DMCA could free white hats to make networked devices more secure
by Jack Schofield from Technology | The Guardian on (#3VVA)
Anthony has a new Lenovo laptop and wonders if he should be concerned. Jack Schofield says that’s the tip of the iceberg and everyone should be worried.When I started working abroad about three months ago, my company provided me with a new Lenovo laptop. Should I be worried? AnthonyEveryone should be worried, but not for the obvious reason.
|
by Alex Hern from Technology | The Guardian on (#3VT5)
The hacking collective took over the Lenovo site for several hours on Wednesday, redirecting users to a slideshow of bored teenagersLenovo, the PC maker at the centre of the Superfish controversy, suffered its own security breach on Wednesday when its main website was defaced, redirecting users to a slideshow of pictures of bored-looking teens (apparently the hackers themselves) set to the song Breaking Free from High School Musical.Clicking on the slideshow sends users to the Twitter account of hacking collective the Lizard Squad, while viewing the source of the page reveals a note reading “the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey†– two people previously named by security reporter Brian Krebs as being members of the group.Related: How can I find and remove Superfish and similar malware?Expect more lizard mischief soon.Related: What will happen to the Lizard Squad hackers? Continue reading...
by Dan Goodin from Ars Technica - All content on (#3VAZ)
Crypto-busting apps may have been exploited against visitors of Google and dozens more.
|
by Dan Goodin from Ars Technica - All content on (#3TYY)
Valuable Lenovo.com is hijacked, allowing attackers to intercept Lenovo email.
|
by LXer from LinuxQuestions.org on (#3RZS)
Published at LXer: But it gets worse. Filippo Valsorda has shown that you didn't even need to crack Komodia's weak password to launch a man-in-the-middle attack, but its SSL validation is broken,...
from heise online News on (#3PQQ)
Die Affäre um gefährliche CA-Zertifikate weitet sich aus; nunmehr sind mehr als ein Dutzend Anwendungen bekannt, die Computer anfällig für Man-in-the-Middle-Angriffe machen. Ausgangspunkt: Die SSL-Unterbrechungs-Technologie SSL Digestor von Komodia.
|
by LXer from LinuxQuestions.org on (#3PA5)
Published at LXer: Not surprisingly, the controversy over Lenovo installing Superfish adware into its consumer PCs has resulted in a lawsuit. Read More......
by Megan Geuss from Ars Technica - All content on (#3P74)
At least one lawsuit has been filed and one investigation has begun.
|
by Dan Goodin from Ars Technica - All content on (#3P61)
CTO pledges new policy to prevent similar mishaps in the future.
|
from Techreport on (#3R5K)
The Superfish saga continues. In its latest statement about the vulnerability, Lenovo has provided a link to an "automated removal tool" that can rid users of Superfish's ill-fated Virtual Discovery software. The statement also clarifies a few things, including the fact that ThinkPad laptops are, mercifully, unaffected by the Superfish snafu:As we've said previously, Lenovo is exploring every action we can to help our users address ...Read more...
by LXer from LinuxQuestions.org on (#3NDF)
Published at LXer: Owners of Lenovo computers are, therefore, not the only folks at risk of man-in-the-middle (MitM) attacks. So exchanging your Lenovo computer for another Windows brand won’t do...
by Alex Hern from Technology | The Guardian on (#3N35)
Komodia’s SSL hijacking package that could leave users open to security breach discovered in other software besides Lenovo-bundled adware
|
by Rich Brueckner from High-Performance Computing News Analysis | insideHPC on (#3N0B)
While Lenovo now scrambles into Damage Control mode in the wake of the Superfish scandal, the question for our readers is: how will this affect Lenovo's ability to sell to the U.S. Federal supercomputing market?
|
from Techreport on (#3R5M)
It's always a busy month in the field of security. This month has seen its share of ugly stories, including the growing amount of state tax fraud, massive bank heists, and another depressing breach of our personal privacy by a major business. Those stories are all big, but the one that really captivated the attention of our community has been the one about Lenovo and Superfish.That story has all the requisite narrative pieces to be a big tale that riles the enthusiast: a large PC maker pushing crapware onto untold numbers of users, that crapware being adware afflicted with a major security flaw, ...Read more...
by Dan Goodin from Ars Technica - All content on (#3MJ8)
Titles from security firms Lavasoft and Comodo leave users open to easier attacks.
|
by LXer from LinuxQuestions.org on (#3MDX)
Published at LXer: Lenovo is all over the media recently, and not for a good reason. The revelation that it corrupted its computers with the vile Superfish adware has shocked many people in the...
Chinese vendor belatedly tools up against ad-scumware A bruised Lenovo has released a removal tool for the Superfish vuln that hijacks web browsers to inject ads into pages.…
|
from heise online News on (#3JW6)
Der Windows Defender erkennt die Adware Superfish neuerdings als schädlich. Neu ist daran aber nur die Art der Einstufung, denn als problematisch hat Microsoft Superfish bereits vor Jahren erkannt.
|
from heise online News on (#3HDD)
Lenovo liefert ein Säuberungsprogramm gegen die auf Laptops vorinstallierte Adware Superfish Visual Discovery. Jene hat im Zusammenhang mit Verschlüsselungszertifikaten für Schlagzeilen gesorgt; sie macht PCs anfällig für Man-in-the-Middle-Angriffe.
|
by Dan Goodin from Ars Technica - All content on (#3GG5)
Denial comes despite near-unanimous agreement that it left Lenovo users wide open.
|
by tronayne from LinuxQuestions.org on (#3GF1)
US-CERT published the subject alert 20FEB2015 at 1210. *Systems Affected*: Lenovo consumer PCs that have Superfish VisualDiscovery installed and potentially others. *Overview*: “Superfishâ€...
by Dan Goodin from Ars Technica - All content on (#3G9E)
Lenovo wasn't the only one using SSL certs that unlock every SSL site on the Internet.
|
by Peter Bright from Ars Technica - All content on (#3G7X)
Signature update removes the dangerous certificate and the VisualDiscovery app.
|
from Hacker News on (#3EMD)
Comments
from Techreport on (#3KK6)
Following the furore over the Superfish snafu, Lenovo is now in full damage-control mode.Speaking to the folks at PC World , Lenovo CTO Peter Hortensius used the words "significant mistake" to describe the firm's decision to ship malware ...Read more...
by Peter Bright from Ars Technica - All content on (#3EF7)
Uninstalling the software doesn't undo the damage it does to your system.
|