[Hidden-tech] Lenovo does it again!

[Robert Heller]

At Sat, 15 Aug 2015 07:25:56 -0400 jwerner at jwdp.com wrote:

> 
> This vulnerability depends on a specific feature in Windows 8 and 10 
> that is meant to let OEMs provide anti-theft capabilities in firmware 
> (how ironic!).  So even on a system with the rogue firmware, Linux 
> should not be affected, nor should Windows 7 for that matter.

This *sounds* like Microsoft is in on the deal, since the "specific feature in 
Windows 8 and 10" is presumably something Microsoft added...

> 
> Also, according to Lenovo, this was only applied to consumer products, 
> not the "Think" lines, which are designed mostly for professionals and 
> enterprises. That was also the case with Superfish.
> 
> So you are almost certainly safe, but that doesn't change the fact that 
> Lenovo clearly has no regard for the safety or privacy of their 
> customers and simply cannot be trusted.
> 
> Jan Werner
> _____________
> 
> Robert Heller wrote:
> > At Fri, 14 Aug 2015 19:19:47 -0400 jwerner at jwdp.com wrote:
> >
> >>
> >>
> >>
> >>
> >> I used Lenovo computers almost exclusively for years, but after the
> >> Superfish fiasco early this year, I swore off ever using them again.
> >>
> >> And now, here's news that they have gone even further, by adding a
> >> feature to the BIOS of some of their computers that injects crapware
> >> even if you wipe the disk and do a clean installation of Windows.
> >
> > What happens if you do a clean install of Linux?
> >
> > For me Lenovo *laptops* have become the only real option, but I never buy new
> > computers and never run MS-Windows on them -- I only even run Linux.  As far
> > as I know, only Lenovo laptops still have trackpoints and three buttons -- I
> > won't use a touch pad -- I just don't have the 'touch' for one.  And I make
> > heavy use of a real middle button (and don't use or like scroll wheels).
> >
> >>
> >> This introduces a critical vulnerability that cannot be removed by any
> >> normal procedures, including a full system re-installation, so anyone
> >> who has purchased a Lenovo Windows computer in the past year definitely
> >> needs to find out if they are affected and if so, apply the fix ASAP.
> >>
> >> This hasn't received the publicity that Superfish got, although it is
> >> far more insidious.
> >>
> >> Ars Technica provides a fairly technical explanation and also links to
> >> pages on Lenovo's site where you can find out if your system is affected
> >> and in some cases download a fix.
> >>
> >> http://arstechnica.com/information-technology/2015/08/lenovo-used-windows-anti-theft-feature-to-install-persistent-crapware/
> >>
> >> or:  http://tinyurl.com/qcaff6t
> >>
> >> There is just no way to trust a company that can do this kind of thing.
> >>
> >>
> >> Jan  Werner
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> >> Hidden-discuss at lists.hidden-tech.net
> >>
> >> You are receiving this because you are on the Hidden-Tech Discussion list.
> >> If you would like to change your list preferences, Go to the Members
> >> page on the Hidden Tech Web site.
> >> http://www.hidden-tech.net/members
> >>
> >>
> >
> 
>                                                                      

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller at deepsoft.com       -- Webhosting Services