Laconics Round Table

 Lenovo notebooks compromised by Israeli software, "We messed up?"

wag
Cervelle de Veau

Posts : 8452
Join date : 2012-12-04

PostSubject: Lenovo notebooks compromised by Israeli software, "We messed up?"   Sat Feb 21, 2015 4:40 pm

Lenovo's Security-Killing Adware: How to Get Rid of It
By Paul Wagenseil, February 20, 2015 7:00 AM - Source: Tom's Guide US

UPDATED at noon Thursday EST with further information on how to detect and remove the Superfish adware. UPDATED at 10 a.m. Friday with list of affected machines. UPDATED at 4 p.m. Friday with Microsoft removal news and Firefox removal instructions. UPDATED at 4:45 p.m. Friday with a Department of Homeland Security warning about Superfish, and a denial by Superfish that its software poses a security risk.

Since at least last September, Lenovo has sold consumer PCs with preinstalled adware that hijacks secure Web connections, undermining the entire fabric of Internet security and putting Lenovo customers at risk of malware infection, financial fraud and identity theft, a new analysis finds.
The adware, called Visual Discovery and made by an Israeli company called Superfish, scans Web pages for retail products and inserts ads that offer similar products at lower prices. Many retail websites use secure HTTPS connections, but Visual Discovery breaks those connections; as a result, users who think they're connecting to Amazon.com may instead be giving their credit-card numbers to Ivan the Criminal somewhere in eastern Europe.
"You've got good guys doing what the bad guys do," Kevin Bocek of Salt Lake City-based online-security firm Venafi, said in a statement. "In this case, they're breaking everything that's been built over 20 years to create trust and privacy on the Internet."
In a statement provided to Tom's Guide, Lenovo said: "Superfish was previously included on some consumer notebook products shipped in a short window between October and December to help customers potentially discover interesting products while shopping."
It added that "user feedback was not positive" — complaints began arising on Lenovo user forums in September — and that "the product is no longer active" on "all [Lenovo] products in market."
"We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns," Lenovo stated.

Opening the door to online criminals

However, Chris Palmer, a San Francisco-based security researcher, bought a Lenovo laptop Wednesday night (Feb. 18) and immediately discovered that his connection to the Bank of America website had been hijacked by Superfish's own root digital certificate, which had substituted itself for Bank of America's own digital certificates.
Digital certificates are long encryption keys that guarantee Web security; they tell you that you are indeed connecting to the Bank of America site, for example. Because Superfish swaps in its own certificate, there is no guarantee for the user that he really is connected to Bank of America instead of a criminal site spoofing Bank of America. (The Superfish hijack affects Internet Explorer and Google Chrome, but not Mozilla Firefox, which uses its own certificate system.)
"When you have a Lenovo computer, it appears as SuperFish is the root CA [certificate authority] of all the websites you visit," Rob Graham, CEO of Atlanta-based Errata Security, wrote on his personal blog today (Feb. 19). "This allows SuperFish to intercept an encrypted SSL [Secure Sockets Layer] connection, decrypt it, then re-encrypt it again." (Later, Graham explained how he'd cracked the Superfish certificate's password, theoretically enabling him to stage man-in-the-middle attacks on Lenovo PCs.)
Even worse, Palmer and other security researchers on Twitter quickly found that Superfish uses the same private key, an essential part of the digital certificate, for all Lenovo computers, meaning that a criminal could easily spoof the certificate. A Dutch security researcher, Yonathan Klijnsma, tweeted out the Superfish private key and posted it on Pastebin this morning.
"In this current climate of rising cybercrime, if you can't trust your hardware manufacturer, you are in a very difficult position," Marc Rogers, another security researcher in San Francisco, wrote on his blog today.
Rogers added that this was "quite possibly the single worst thing I have seen a manufacturer do to its customer base. At this point, I would consider every single one of these affected laptops to be potentially compromised and would reinstall them from scratch."

How to throw out the Superfish

That might seem a little drastic. There's actually a two-stage process to first disable Visual Discovery, and then remove the Superfish digital certificate, from a Lenovo PC, without having to wipe the hard drive and reinstall Windows.
A YouTube video suggests that Lenovo users open the Task Manager (hit Control + Shift + Esc simultaneously), open the Services tab and scroll down to find Visual Discovery. Right-clicking on Visual Discovery will allow you to stop the service; after that is done, refreshing Internet Explorer or Chrome should remove the Visual Discovery ads.
As for the Superfish root certificate, it must be manually removed from Internet Explorer and Google Chrome individually.

In Internet Explorer:


  • Click the gear icon at the top right of the browser window.
  • In the resulting drop-down menu, scroll down and click Internet Options.
  • Select the Content tab.
  • Click the Certificates button.
  • Search for Superfish or Visual Discovery in both the Intermediate Certification Authorities and Trusted Root Certification Authorities tabs.
  • If you find either, select it and then click the Remove button underneath the listings field.
  • You may have to reboot your PC to make the change effective.

In Google Chrome:


  • Click the icon resembling three stacked lines at the top right of the browser window.
  • In the resulting drop-down menu, scroll down and click Settings.
  • On the Settings page, scroll down to the bottom and click Show Advanced Settings.
  • Scroll down to HTTPS/SSL, and click Manage Certificates.
  • Search for Superfish or Visual Discovery in both the "Intermediate Certification Authorities" and "Trusted Root Certification Authorities" tabs.
  • If you find either, select it and then click the Remove button underneath the listings field.
  • You may have to reboot your PC for the change to take effect.

It's not clear whether other PC manufacturers may also have installed Superfish adware on their machines. Lenovo says it will no longer include the software.

UPDATE: Italian security researcher Filippo Valsorda has put up a quick browser-based test for Lenovo users to see whether their Web connections are being intercepted by Superfish.
Meanwhile, Malwarebytes security researcher Chris Boyd showed PC World an even quicker method of removing the Superfish root certificate:

  • Click the Windows icon at the bottom left corner of the screen.
  • Type "cmd.exe" into the resulting search field and hit the Enter key.
  • Type "certmgr.msc" at the command-prompt in the resulting terminal window and hit Enter.
  • Select "Trusted Root Certification Authorities" in the left-hand navigation window of the resulting dialogue box, then select Certificates.
  • Select Superfish and/or Visual Discovery. Right-click and select Delete.
  • You may have to reboot the PC to effect the change.

UPDATE: Lenovo has posted a list of models affected by the Superfish software. No ThinkPad models are included.
"We're sorry. We messed up," the Lenovo US Twitter feed stated last night. "We're owning it. And we're making sure it never happens again."
The company has also posted its own set of instructions to remove both Visual Discovery and the Superfish root certificate on Windows 8.1. It promises to release a removal tool later Friday (Feb. 20).
UPDATE: Microsoft has added the Visual Discovery software and the Superfish root certificate to the list of malware and other unwanted programs to be detected and deleted by Windows Defender (in Windows 8, 8.1 and RT) and Microsoft Security Essentials (in Windows Vista and 7).
However, Windows Defender will go dormant if a third-party security solution is in place on the same machine. Microsoft Security Essentials must be manually downloaded and updated, and is not recommended if a third-party security solution is already in place.
We mentioned above that Firefox users need not worry about Visual Discovery and Superfish, but it's now apparent that's not entirely accurate. Firefox maintains its own list of recognized certificates, and the Superfish certificate, if present, must be deleted manually. Here's how:

  • Click the icon resembling three stacked lines at the top right of the browser window.
  • Click Options in the resulting drop-down menu.
  • Select the Certificates tab in the resulting dialogue box.
  • Click the button labeled View Certificates.
  • Scroll down to find Superfish.
  • Select Superfish, if you find it.
  • Click the Delete or Distrust button under the list field.
  • Click OK in the resulting warning dialogue box.

UPDATE: The Department of Homeland Security's US-CERT has issued a warning advising users and administrators of Lenovo PCs, as well as users of several other products that employ Superfish software, to remove the software and associated certificates. 
Meanwhile, Superfish told Ars Technica's Dan Goodin that "despite the false and misleading statements made by some media commentators and bloggers, the Superfish software does not present a security risk."

_________________
Nobody gets paid to tell the truth.
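
The Internet Explorer, Chrome and certmgr.msc steps in the article above all work on the Windows certificate stores, so the same check can be scripted. The following PowerShell is an added example, not part of the original post or article; it assumes the certificate and service can be recognised by the names "Superfish" or "Visual Discovery" as the article describes, and it does not cover Firefox's separate certificate list.

```powershell
# Added example: audit the Windows certificate stores for the Superfish root.
# Matching is by name only, as in the article; the page gives no thumbprint.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # also stop the service and delete matches (run elevated)
)

$namePattern = 'Superfish|Visual\s*Discovery'

# Root = "Trusted Root Certification Authorities"
# CA   = "Intermediate Certification Authorities"
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
          'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $namePattern -or $_.Issuer -match $namePattern } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Issuer, Thumbprint, NotAfter, PSPath
}

# Assumption: the service display name contains "Visual Discovery".
$services = Get-Service -DisplayName '*Visual Discovery*' -ErrorAction SilentlyContinue

if (-not $hits -and -not $services) {
    Write-Output 'No Superfish / Visual Discovery certificate or service found.'
    return
}

$services | Select-Object Name, DisplayName, Status | Format-List
$hits | Select-Object Store, Subject, Issuer, Thumbprint, NotAfter | Format-List

if ($Remove) {
    foreach ($svc in $services) {
        if ($PSCmdlet.ShouldProcess($svc.DisplayName, 'Stop service')) {
            Stop-Service -InputObject $svc -Force
        }
    }
    foreach ($hit in $hits) {
        if ($PSCmdlet.ShouldProcess("$($hit.Subject) in $($hit.Store)", 'Delete certificate')) {
            Remove-Item -LiteralPath $hit.PSPath
        }
    }
}
```

Run it without arguments to report only; add `-Remove -WhatIf` to preview what would be stopped and deleted before running `-Remove` for real.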
OldTimes
Sirloin

Posts : 584
Join date : 2013-04-07

PostSubject: Re: Lenovo notebooks compromised by Israeli software, "We messed up?"   Sat Feb 21, 2015 10:04 pm

wag wrote:


I wonder if naming programs after fish originated from Rybka (Russian for a little fish), a famous chess program that held the top of the charts for years, only to be replaced relatively recently by an open-source program called 'stockfish'.

http://computerchess.org.uk/ccrl/4040/rating_list_all.html

A copy of this chess program will kick any human grandmaster's butt on even a modest PC.

wag
Cervelle de Veau

Posts : 8452
Join date : 2012-12-04

PostSubject: Re: Lenovo notebooks compromised by Israeli software, "We messed up?"   Sat Feb 21, 2015 11:00 pm

Super phishing?

_________________
Nobody gets paid to tell the truth.
EyeBelieve
Cervelle de Veau

Posts : 6721
Join date : 2013-02-20

PostSubject: Re: Lenovo notebooks compromised by Israeli software, "We messed up?"   Sun Feb 22, 2015 4:14 am

Seems kinda cheesy for Lenovo to sell adware space; OTOH at least in the past such was common for major PC makers. Most of the adware companies, while bothersome, don't seem to be esp crooked. So I guess Lenovo/Chinese were rushed (or even pressured) & didn't do their homework about SuperFish.
wag
Cervelle de Veau

Posts : 8452
Join date : 2012-12-04

PostSubject: Re: Lenovo notebooks compromised by Israeli software, "We messed up?"   Sun Feb 22, 2015 12:33 pm

EyeBelieve wrote:
So I guess Lenovo/Chinese were rushed (or even pressured) & didn't do their homework about SuperFish.

Maybe they will start to do their homework about Israelis/Jews.

_________________
Nobody gets paid to tell the truth.
Vidarr
Filet Mignon

Posts : 2169
Join date : 2013-01-23
Location : Iran

PostSubject: Re: Lenovo notebooks compromised by Israeli software, "We messed up?"   Sun Feb 22, 2015 12:43 pm

Lenovo used to be owned by IBM and topped the list of producing the most reliable PCs. Then Lenovo was sold...

It's a shame that a company would waste a quality brand name like that for a few shekels.

But Lenovo isn't the only company shipping shady software with their products. Right now I can't think of any company who doesn't.



_________________
-"Vidarr was easily the biggest a-hole posting here.".... "by far".
wag
Cervelle de Veau

Posts : 8452
Join date : 2012-12-04

PostSubject: Re: Lenovo notebooks compromised by Israeli software, "We messed up?"   Sun Feb 22, 2015 1:14 pm

Vidarr wrote:

But Lenovo isn't the only company shipping shady software with their products. Right now I can't think of any company who doesn't.

Linus Torvalds is the real threat for his lack of "diversity".

http://www.itworld.com/article/2872097/fake-linux-fork-pokes-fun-at-feminism-and-diversity.html

_________________
Nobody gets paid to tell the truth.
Vidarr
Filet Mignon

Posts : 2169
Join date : 2013-01-23
Location : Iran

PostSubject: Re: Lenovo notebooks compromised by Israeli software, "We messed up?"   Mon Feb 23, 2015 8:09 pm

Here's a site to check if your computer got that Superfish or Israeli Komodia certificates

https://filippo.io/Badfish/

_________________
-"Vidarr was easily the biggest a-hole posting here.".... "by far".
wag
Cervelle de Veau

Posts : 8452
Join date : 2012-12-04

PostSubject: Re: Lenovo notebooks compromised by Israeli software, "We messed up?"   Mon Feb 23, 2015 9:29 pm

Vidarr wrote:
Here's a site to check if your computer got that Superfish or Israeli Komodia certificates

https://filippo.io/Badfish/

Cool, mine's good, ... ... maybe now it's not...

_________________
Nobody gets paid to tell the truth.
EyeBelieve
Cervelle de Veau

Posts : 6721
Join date : 2013-02-20

PostSubject: Re: Lenovo notebooks compromised by Israeli software, "We messed up?"   Mon Feb 23, 2015 11:33 pm

Vidarr wrote:
Lenovo used to be owned by IBM and topped the list of producing the most reliable PCs. Then Lenovo was sold...

It's a shame that a company would waste a quality brand name like that for a few shekels.

But Lenovo isn't the only company shipping shady software with their products. Right now I can't think of any company who doesn't.

IBM makes most of its money from gummint/military now, even in the old days I think that was true, though they did sell a lot of PC's & typewriters.