Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Saturday February 21 2015, @03:46PM   Printer-friendly
from the fishing-for-answers dept.

Reuters reports that the US Department of Homeland Security has advised Lenovo customers to remove "Superfish" software from their computers. According to an alert released through its National Cyber Awareness System, the software makes users vulnerable to SSL spoofing and could allow a remote attacker to read encrypted web browser traffic, spoof websites, and perform other attacks on Lenovo PCs with the software installed.

Lenovo inititally said it stopped shipping the software because of complaints about features, not a security vulnerability. "We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," the company said in a statement to Reuters early on Thursday. On Friday, Lenovo spokesman Brion Tingler said the company's initial findings were flawed and that it was now advising customers to remove the software and providing instructions for uninstalling "Superfish". "We should have known about this sooner," Tingler said in an email. "And if we could go back, we never would have installed this software on our machines. But we can't, so we are dealing with this head on."

[Editor's Note: For background information on this threat, Ars Technica has coverage here, here, here, and here.]

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by fritsd on Saturday February 21 2015, @06:56PM

    by fritsd (4586) on Saturday February 21 2015, @06:56PM (#147847) Journal

    Hm.. good point.. to continue the car analogy, it is advised to first take your child out of the car before you bring the latter to the garage for recall. Unfortunately your computer doesn't protest as loudly when you bring it back to the shop where you bought it.

    And one of the first things you'd want to do with a new computer is put all the stuff from the old computer on it, so what you describe is probably quite common.

    So what's the solution? Some local company that specializes in trusted wiping of computers? (Fee to be sent to Lenovo) and then return it to the retailer?

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by frojack on Saturday February 21 2015, @07:08PM

    by frojack (1554) Subscriber Badge on Saturday February 21 2015, @07:08PM (#147851) Journal

    The solution was pointed out in my first reply. Maybe re-read that?

    Remove the malware, and get on with your life.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 3, Interesting) by JNCF on Saturday February 21 2015, @08:14PM

    by JNCF (4317) on Saturday February 21 2015, @08:14PM (#147875) Journal

    Well if we're going to be statists about the thing, the recall could simply instruct consumers on how to remove their hard-drives. I don't know how difficult that would be on the affected models, but on my ThinkPad it's about as difficult as swapping out batteries on a normal consumer device. You'll need a screwdriver, but it's a world of difference from trying to wipe the thing clean before returning it. Let Lenovo eat the cost of not getting their hard-drives back.