[Hidden-tech] Lenovo does it again!

Jan Werner jwerner at jwdp.com
Sat Aug 15 07:25:56 EDT 2015

Previous message: [Hidden-tech] Lenovo does it again!
Next message: [Hidden-tech] Lenovo does it again!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This vulnerability depends on a specific feature in Windows 8 and 10 
that is meant to let OEMs provide anti-theft capabilities in firmware 
(how ironic!).  So even on a system with the rogue firmware, Linux 
should not be affected, nor should Windows 7 for that matter.

Also, according to Lenovo, this was only applied to consumer products, 
not the "Think" lines, which are designed mostly for professionals and 
enterprises. That was also the case with Superfish.

So you are almost certainly safe, but that doesn't change the fact that 
Lenovo clearly has no regard for the safety or privacy of their 
customers and simply cannot be trusted.

Jan Werner
_____________

Robert Heller wrote:
> At Fri, 14 Aug 2015 19:19:47 -0400 jwerner at jwdp.com wrote:
>
>>
>>
>>
>>
>> I used Lenovo computers almost exclusively for years, but after the
>> Superfish fiasco early this year, I swore off ever using them again.
>>
>> And now, here's news that they have gone even further, by adding a
>> feature to the BIOS of some of their computers that injects crapware
>> even if you wipe the disk and do a clean installation of Windows.
>
> What happens if you do a clean install of Linux?
>
> For me Lenovo *laptops* have become the only real option, but I never buy new
> computers and never run MS-Windows on them -- I only even run Linux.  As far
> as I know, only Lenovo laptops still have trackpoints and three buttons -- I
> won't use a touch pad -- I just don't have the 'touch' for one.  And I make
> heavy use of a real middle button (and don't use or like scroll wheels).
>
>>
>> This introduces a critical vulnerability that cannot be removed by any
>> normal procedures, including a full system re-installation, so anyone
>> who has purchased a Lenovo Windows computer in the past year definitely
>> needs to find out if they are affected and if so, apply the fix ASAP.
>>
>> This hasn't received the publicity that Superfish got, although it is
>> far more insidious.
>>
>> Ars Technica provides a fairly technical explanation and also links to
>> pages on Lenovo's site where you can find out if your system is affected
>> and in some cases download a fix.
>>
>> http://arstechnica.com/information-technology/2015/08/lenovo-used-windows-anti-theft-feature-to-install-persistent-crapware/
>>
>> or:  http://tinyurl.com/qcaff6t
>>
>> There is just no way to trust a company that can do this kind of thing.
>>
>>
>> Jan  Werner
>>
>>
>>
>>
>> _______________________________________________
>> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
>> Hidden-discuss at lists.hidden-tech.net
>>
>> You are receiving this because you are on the Hidden-Tech Discussion list.
>> If you would like to change your list preferences, Go to the Members
>> page on the Hidden Tech Web site.
>> http://www.hidden-tech.net/members
>>
>>
>

Previous message: [Hidden-tech] Lenovo does it again!
Next message: [Hidden-tech] Lenovo does it again!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Hidden-discuss mailing list