Lenovo has issued a patch for a flaw in its computers, which researchers say could allow hackers to replace trusted apps with malicious versions.
Security researchers at IOActive said in an advisory detailing three separate vulnerabilities that hackers could bypass checks to ensure the integrity of apps, allowing them to run malware on an affected Lenovo machine.
Lenovo.com has been hacked. Starting at 4PM ET, users visiting the site saw a slideshow of disaffected youths, set to the song "Breaking Free" from High School Musical. At 4:17, the site seemed to have reverted to its normal self, although HTML problems persist and in some instances, the song continued to play in the background. The hacked version has reappeared intermittently as cached versions work through the system, although by 5:30pm, the site appeared to be back to normal.
On Friday Lenovo is going to tell the world about how it plans to regain the trust of its users in the wake of the Superfish clusterfuck – and may even launch an independent security audit of its products.
"Our goal, in the end, is to make this right," Lenovo's CTO Peter Hortensius told The Register on Tuesday. "It's going to take a long road to earn trust back."
Lenovo's chief technology officer Peter Hortensius has issued another statement on how the company plans to handle Superfish.
The missive explains that Lenovo has worked with anti-virus vendors to get their products flattening Superfish whenever a PC starts up and issued a removal tool.
Hortensius says Lenovo is now “in the midst of developing a concrete plan to address software vulnerabilities and security with defined actions that we will share by the end of the week.”
US delivers official warning about traffic intercepting adware.
PC giant Lenovo has acknowledged that adware it pre-loaded on several notebooks can be used in man-in-the-middle interception attacks.
If you have a Lenovo system that includes the Superfish malware, you'll want to remove it. Blowing away your system and reinstalling Windows is one way to do this, but while it's a relatively straightforward process, it's a time-consuming one. Using Lenovo's own restore image won't work, because that will probably reinstate Superfish anyway. Performing a clean install from Windows media will work, but you'll have to reinstall all your software and restore all your data from backup to do the job fully.
Lenovo Group Ltd. (LNVGY) has turned to national security insiders to win U.S. approval to buy Google Inc. (GOOG)’s Motorola Mobility phone unit and International Business Machines Corp. (IBM)’s low-end server business, people familiar with the two deals said.
Lenovo has been banned from supplying hardware to the networks of the intelligence and defence services of the UK, the US, Australia, Canada, and New Zealand, according to a report.
The news was exposed in an investigation by the Australian Financial Review (AFR) published over the weekend, which found that the hardware maker is on a security blacklist kept by the US, UK, Australia, Canada and New Zealand, known collectively as the Five Eyes.
A consortium including PayPal and Lenovo, the world’s second-largest PC manufacturer, has launched a set of technology standards that could reduce reliance on passwords, potentially making online accounts more secure.
Under the standards put forward by the FIDO Alliance, the device a person is using to log in to an account would play a more central role in authentication. That would make it impossible to compromise accounts by stealing passwords, as hackers did in order to break into Twitter this month and LinkedIn last year.
The U.S. Consumer Product Safety Commission and Lenovo are recalling about 50,500 Lenovo ThinkCentre desktop computers because they could overheat and catch fire.
The CPSC said Thursday that there's been one report of a fire and another involving smoke, but no injuries were involved.
