2 recommendations |
Lenovo website hacked, employee emails compromisedLizard Squad group takes responsibility quote: Chinese computer and smartphone firm Lenovo Group Ltd said its website was hacked on Wednesday, its second security blemish days after the U.S. government advised consumers to remove software called "Superfish" pre-installed on its laptops.
Hacking group Lizard Squad claimed credit for the attacks on microblogging service Twitter. Lenovo said attackers breached the domain name system associated with Lenovo and redirected visitors to lenovo.com to another address, while also intercepting internal company emails.
Lizard Squad posted an email exchange between Lenovo employees discussing Superfish. The software was at the centre of public uproar in the United States last week when security researchers said they found it allowed hackers to impersonate banking websites and steal users' credit card information.
In a statement issued in the United States on Wednesday night, Lenovo, the world's biggest maker of personal computers, said it had restored its site to normal operations after several hours.
» www.cbc.ca/news/technolo ··· .2972976So I wonder who the Chinese are going to blame. Blake |
|
scelli (banned)Four More Years! join:1999-08-07 FLOT/FEBA |
scelli (banned)
Member
2015-Feb-26 1:31 am
said by Link Logger:Lizard Squad posted an email exchange between Lenovo employees discussing Superfish. Any idea what was discussed in those e-mails? |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
More here, it would appear email was taken as well. » arstechnica.com/security ··· servers/ |
|
1 recommendation |
to Link Logger
quote: Two days ago, attackers allegedly associated with the fame-seeking group Lizard Squad briefly hijacked Googles Vietnam domain (google.com.vn). On Wednesday, Lenovo.com was similarly attacked.
Sources now tell KrebsOnSecurity that both hijacks were possible because the attackers seized control over Webnic.cc, the Malaysian registrar that serves both domains and 600,000 others.
Webnic.cc is currently inaccessible.
» krebsonsecurity.com/2015 ··· domains/ |
|
85160670 (banned)"If U know neither the enemy nor yoursel join:2013-09-17 Edmonton, AB 1 edit
1 recommendation |
to Link Logger
"So I wonder who the Chinese are going to blame." ¿ ¿ The ONE who like "SUPER_fish" ............... just kidding *_* #confirm : Superfish removal bricks some devices? Great work Lenovo pic.twitter.com/phXiBS3KzO Lizard Squad (@LizardCircle) February 25, 2015 Lizard Squad is claiming responsibility for a hack over Lenovo's website that, under certain conditions, is redirecting visitors to a splash page with the names of two alleged members of the Lizard Squad group embedded within the HTML code. The splash page was advertised as the "new and improved" Lenovo website which carried a link to the Lizard Squad Twitter account and played the High School Musical song "Breaking Free" in the background. We're breaking free! Soarin', flyin', there's not a star in heaven that we can't reach! Lizard Squad (@LizardCircle) February 25, 2015" |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to Link Logger
Some news via ESET on the Lizard Squad hack of LOL-Lenovo: » www.welivesecurity.com/2 ··· ibility/Some corrections were made on detections of SuperFish. |
|
siljaline |
to Link Logger
The LOL-Lenovo SuperFish Flap has caused some serious buzz kill on the LOL-Lenovo brand - » www.computerworld.com/ar ··· lap.html |
|
dave Premium Member join:2000-05-04 not in ohio
4 recommendations |
to Link Logger
Oh, please please please tell me the breakin made use of the Superfish certificates stored on Lenovo's web server |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
Nanaki (banned)
Member
2015-Feb-26 2:15 pm
That would be funny as hell. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to Link Logger
This Verge article (now outdated) broke across many MVP Alum mailing lists when the Lenovo site was first compromised - it shows the timeline of events. » www.theverge.com/2015/2/ ··· rd-squad |
|
|
to Link Logger
Webnic Registrar Blamed for Hijack of Lenovo, Google Domains26 Feb 15quote: ...the Lizard Squad used a command injection vulnerability in Webnic.cc to upload a rootkit - a set of hacking tools that hide the intruder's presence on a compromised system and give the attacker persistent access to that system.
... the Lizard Squad also gained access to Webnic's store of "auth codes"; (also known as "transfer secrets" or "EPP" codes), unique and closely-guarded codes that can be used to transfer any domain to another registrar.
...the rootkit has been removed from Webnic's servers, meaning the Lizard Squad should no longer be able to hijack Webnic domains with the same method they used to redirect Lenovo.com or Google Vietnam.
» krebsonsecurity.com/2015 ··· domains/ |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to Link Logger
A nice hash-up of what's been going on this past week or so that surely is of interest to some. Zero Day Weekly: Superfish attacks, FBI GameoverZeus bounty, Komodia in Lavasoft » www.zdnet.com/article/ze ··· avasoft/ |
|
dave Premium Member join:2000-05-04 not in ohio |
dave
Premium Member
2015-Feb-27 10:57 am
Linked article, also interesting: » www.zdnet.com/article/th ··· g-in-it/Amusing quote: quote: It sounds to me like if Lenovo were a car company, you'd start driving to your mother's house, but before you even got to the end of your street, the car would have decided to take a detour, pick up a few of its mates, and head out for pizza.
Depressing quote: quote: Many of the sci-fi dystopias of the 1970s imagined the creation of a two-tier society, with one level for corporations and governments in an all-too-close alignment, and the other an endless advertising-riddled shopping mall for the proles. Well, it's already here.
|
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to Link Logger
Wow. Lenovo hits it out of the park. Only essential software and drivers included from now on, with full transparency - » twitter.com/SwiftOnSecur ··· 55904258 |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
Nanaki (banned)
Member
2015-Feb-27 5:36 pm
Yeh maybe they should have done that before? |
|
scelli (banned)Four More Years! join:1999-08-07 FLOT/FEBA |
to siljaline
Considering there are some who persist in using this ridiculous buzzword (current and previous occupants of 1600 Pennsylvania Avenue immediately come to mind...) as some sort of magical cure-all, then those same persons, organizations or entities immediately lose credibility in my mind. I'd rather the bunch of them just shut their pie holes and correct the problem ASAP instead of belching out useless rhetoric. The phrase (as well as those who insist on coining it) need to be sent packing. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
to siljaline
|
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
Read that, Snowy , TA, tough - it's more LOL-Lenovo Corporate CYA as is offering six-month subscription to Intel's McAfee LiveSafe |
|
|
scelli (banned)Four More Years! join:1999-08-07 FLOT/FEBA |
to Snowy
said by Snowy:The full press release A lot of nice words coming from an organization caught with one hand in the cookie jar and the thumb of the other hand firmly shoved up another area we won't mention here. Anyone catch this miniscule but quite revealing part of the statement and then do an immediate double-take like I did: This should eliminate what our industry calls adware and bloatware.Now I ask you, folks: since Lenovo was already well aware they were pre-loading such junk on their PC's for the end-user to "enjoy", does anyone really think these bozos would have ceased doing so if the doo-doo hadn't hit the oscillation machine last week? |
|
dave Premium Member join:2000-05-04 not in ohio |
to scelli
You're focusing on the wrong words. The right words to look at closely are "essential software".
Essential how, to whom, and why? |
|
scelli (banned)Four More Years! join:1999-08-07 FLOT/FEBA |
scelli (banned)
Member
2015-Feb-27 11:36 pm
said by dave:You're focusing on the wrong words. The right words to look at closely are "essential software".
Essential how, to whom, and why? You lost me here: where is so-called "essential software" mentioned in that statement? Of course they are welcome to place those two words together until the cows come home, but they won't be using the same dictionary I and many others do when defining the proper meaning of the term. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2015-Feb-28 12:06 am
said by scelli:You lost me here: where is so-called "essential software" mentioned in that statement? You won't find that in the Lenovo statement. It's attributable to the tweeter that did what tweeters do - condense many words to few words. "essential software"is the tweeters interpretation of Lenovo's " our standard image will only include the operating system and related software, software required to make hardware work well (for example, when we include unique hardware in our devices, like a 3D camera), security software and Lenovo applications."» news.lenovo.com/article_ ··· _id=1934 >>>>> » twitter.com/SwiftOnSecur ··· 55904258said by scelli:Of course they are welcome to place those two words together until the cows come home, but they won't be using the same dictionary I and many others do when defining the proper meaning of the term. Both you & dave are arguing the same point - words are cheap, that it's not what one says but what one does that brings about measurable/meaningful change. |
|
BlackbirdBuilt for Speed Premium Member join:2005-01-14 Fort Wayne, IN |
to Link Logger
Talk is easy. Actions are what impress folks. And Lenovo's actions to date are... uhmm... less than impressive. The negative impressions created by their past actions will only be altered by their future positive actions, not their promises nor their wordsmith abilities. In between now and the future, people will view them in light of what they did, not by what they've promised to "fix" things. And justifiably so... |
|
scelli (banned)Four More Years! join:1999-08-07 FLOT/FEBA
2 recommendations |
to Snowy
said by Snowy:...is the tweeters interpretation of Lenovo's Didn't see that link with the "tweets" and probably would have ignored it anyway as don't do the tweeting thing. The comments displayed are yet another classic example as to why I don't get involved with social media like Twitter, Facebook and others of their ilk by the way: one half of those expressing their opinion apparently are being judicially cautious of the peaches-and-cream mea culpa statement by Lenovo and rightfully so in my opinion. The other half want to elevate Lenovo practically to sainthood for their stunning turnaround in support of computer users everywhere after such a naughty faux pas...or so it would seem on the surface. Talk is cheap as a number of us here are more than aware. |
|
dave Premium Member join:2000-05-04 not in ohio |
dave to Snowy
Premium Member
2015-Feb-28 8:03 am
to Snowy
Ah, yes: "essential software" was not used in the Lenovo statement, only in the Twit link that siljaline posted. My error. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to Link Logger
Issues fix to remove crapware's certificate from the browser's repository quote: Mozilla has released an update to Firefox that erases the self-signed digital certificate implanted by Superfish, the vulnerable adware that blew up in Lenovo's face a week and a half ago.
» www.computerworld.com/ar ··· fox.html» twitter.com/gkeizer/stat ··· 00068353 |
|
siljaline
1 recommendation |
to Link Logger
Ed Bott makes a valid statement and point here ! quote: Is it time to force PC makers to disclose how much they make from crapware?
» www.zdnet.com/article/is ··· ing-act/ |
|
siljaline
1 recommendation |
to Link Logger
Conn. AG launches Lenovo-Superfish 'crapware' probe | Asks companies to provide information in 20 days about contracts, 'financial arrangements,' testing, much more. quote: Three days after Chinese computer maker Lenovo promised to flush "crapware" from its consumer PCs, Connecticut's state attorney general announced a probe into the company's practice of bundling adware. [...]
» www.computerworld.com/ar ··· obe.html |
|
NOYBSt. John 3.16 Premium Member join:2005-12-15 Forest Grove, OR |
to scelli
said by scelli:This should eliminate what our industry calls "adware" and "bloatware". So what are the new adjectives now for "adware" and "bloatware"? |
|
NOYB |
to Link Logger
Something even more insidious is on the way to your next new computer. Like such capabilities being embedded in to essential system software, drivers, and hardware, etc.
|
|