Everyone needs to run this test in all their browsers NOW

[TitanTiger 17,188]

...especially if you are a Lenovo laptop owner, but now they say that the software they've used is showing up in other things like a couple of parental control software apps.

Here's a story from US Homeland Security:

http://www.reuters.com/article/2015/02/20/us-lenovo-cybersecurity-dhs-idUSKBN0LO21U20150220

Here's a slightly more detailed explanation of what it does from a trusted security expert:

https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/

And here is a test that he developed to check for the bad SSL certificate in your browser as well as any other software you have installed:

https://filippo.io/Badfish/

The short version is that Lenovo installed this for the purpose of 'sniffing' its users web surfing so they could inject more relevant advertising into their browsing and shopping sessions based on their interests. That by itself is inexcusable without obtaining explicit permission from the user. But it turns out the method they used from this company Komodia was done in a slipshod (assuming it wasn't purposeful) manner leaving a gaping security hold that could make any SSL browsing able to be intercepted by a third party, including your online banking. Unreal.

And yes, I know this isn't football related but this is too important to get missed because it was put in a less-trafficked forum, so I'm making an executive decision here.

[AUIH1 1,515]

Thanks for the info. Will do since one of our computers is a Lenovo.

wde

[Auctoritas 2,316]

Probably should note, just for sake of use, that all you have to do to run the test is click the link and it gets done immediately and with no hassle, so don't be deterred!

[TitanTiger 17,188]

Probably should note, just for sake of use, that all you have to do to run the test is click the link and it gets done immediately and with no hassle, so don't be deterred!

Right. It says it takes 10 seconds. It took maybe 5 for me.

[Mikey 14,569]

Thanks. It says mine is clean. However, there is a weirdness with my bank logon this morning. As usual, these things happen on Saturday. I guess I wait until Monday and see what's up?

[looney 790]

Did this yesterday after a tip from a different article.

I first checked my installed programs, then my trusted certificates.

Then I went to the website to check and was all clean.

I'm on my phone now but if anyone would like me to find the info outlining those steps later I'm happy to do it.

Didn't click through on the OP links so I'm not sure what info is already in there.

[Texan4Auburn 1,626]

Thanks. It says mine is clean. However, there is a weirdness with my bank logon this morning. As usual, these things happen on Saturday. I guess I wait until Monday and see what's up?

Recently having finished this 3rd degree they can have my bank logon. They would have to make a deposit first to use it haha.

[homersapien 9,725]

So, Thinkpads aren't affected?

(Mine wasn't per the test)

Edited February 22, 2015 by homersapien

[TitanTiger 17,188]

So, Thinkpads aren't affected?

(Mine wasn't per the test)

I'm not sure the exact models. But it's good to test.

I know this...I wouldn't buy so much as a mousepad from Lenovo every again. In fact, I'd either stick with Apple (who actively fights for user privacy) or if I had to be in Windows world, I'd buy a non-bloatware PC directly from Microsoft stores or build one myself.

[homersapien 9,725]

So, Thinkpads aren't affected?

(Mine wasn't per the test)

I'm not sure the exact models. But it's good to test.

I know this...I wouldn't buy so much as a mousepad from Lenovo every again. In fact, I'd either stick with Apple (who actively fights for user privacy) or if I had to be in Windows world, I'd buy a non-bloatware PC directly from Microsoft stores or build one myself.

I have always owned Thinkpads professionally. After I retired, I had one Lenova-branded laptop and didn't like it. The display ultimately failed from a short.

But I have found Lenovo-produced Thinkpads to be bullet-proof. While made by Lenovo (or actually NEC of Japan) they are apparently made to IBM specifications. They are clearly far superior to other Lenovo products. And a Thinkpad keyboard is the only laptop keyboard I have found to be fully acceptable. It's never changed.

While they are still expensive, you can buy refurbished ones at about half price, which is what I am using now. I'd rather buy a refurbished Thinkpad than a new anything else.

So for me, it's either Thinkpad or switch to Apple. I've never used an Apple keyboard though.

Edited February 22, 2015 by homersapien

[TitanTiger 17,188]

So, Thinkpads aren't affected?

(Mine wasn't per the test)

I'm not sure the exact models. But it's good to test.

I know this...I wouldn't buy so much as a mousepad from Lenovo every again. In fact, I'd either stick with Apple (who actively fights for user privacy) or if I had to be in Windows world, I'd buy a non-bloatware PC directly from Microsoft stores or build one myself.

I have always owned Thinkpads professionally. After I retired, I had one Lenova-branded laptop and didn't like it. The display ultimately failed from a short.

But I have found Lenovo-produced Thinkpads to be bullet-proof. While made by Lenovo (or actually NEC of Japan) they are apparently made to IBM specifications. They are clearly far superior to other Lenovo products. And a Thinkpad keyboard is the only laptop keyboard I have found to be fully acceptable. It's never changed.

While they are still expensive, you can buy refurbished ones at about half price, which is what I am using now. I'd rather buy a refurbished Thinkpad than a new anything else.

So for me, it's either Thinkpad or switch to Apple. I've never used an Apple keyboard though.

Before this I would have said the same thing. Thinkpads from a hardware standpoint are the best bang for the buck in Windows world. After this, it wouldn't matter. I'd never buy another Lenovo product again. It's not just that this thing turned out to be poorly executed and so horribly insecure that virtually anyone could take advantage of it and be able to read all your SSL traffic. It's that Lenovo decided for its customers to just insert such a thing in the first place without telling them it was there and what it does. Even if it had been executed perfectly from a security standpoint, that is not their right. The incredible arrogance and entitlement that it takes to believe you shouldn't have to disclose such a thing or better yet, make it "opt-in" for those who don't mind the trade offs is mind-boggling. And there is no telling how many users they have now made victims of identity theft.

As far as the keyboards, almost all the new Lenovo laptops use the same 'chicklet' style keyboard that the Macbooks use.

[homersapien 9,725]

Yeah, I don't disagree. It does seem stupidly thoughtless. Criminally even.

I was referring to keyboard "touch" (feel) and auxiliary key placement.

[AU '76 16]

Can't go wrong with a MacPro - excellent laptop

[japantiger 3,748]

Dell Latitude, put DDPE (data protection) on it and use Sonic Wall.

[AU_Tiger_88 401]

I would never buy a Levono product after IBM sold them to a company in China. I used a thinkpad for work in a couple of jobs ago. I found them slow and didn't like the keyboard at all. I have used Apple products and we own a couple as for my main stay I have a laptop that I run Linux on that works well. You can lock them down pretty good and they can be protected pretty good. I hate Adware & rip out software that comes with new PCs. I wonder how much money they made off of the deal to put that on their machines.