This is a warning for all users who use a Lenovo laptop of the following series (known at this moment, but can include more in the future):
Lenovo Y50, Z40, Z50 en G50, Yoga 2 Pro.

Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections



Technically this means that due to this 'Superfish' software attackers may be able to make look-a-like HTTPS websites like banks but also the DMT-Nexus. This is a severe security issue!

You have to uninstall the Superfish software, but that alone will not remove the certificate. To remove the certificate, you must do the following:

Run mmc.exe
Go to File -> Add/Remove Snap-in
Pick Certificates, click Add
Pick Computer Account, click Next
Pick Local Computer, click Finish
Click OK
Look under Trusted Root Certification Authorities -> Certificates
Find the one issued to Superfish and delete it.

If you are really paranoid, the best solution would be to reformat your laptop and install Windows with Microsoft media, not the factory recovery stuff.


Kind regards,

The Traveler

We were just mentioning that you havent been around much but you're like a superhero.

trav ..good work!

It's great how this place cares about it's users. Although I'm not afflicted...thanks for this!

Thanks Trav

Also of concern

The U.S. National Security Agency (NSA) may be hiding highly-sophisticated hacking payloads in the firmware of consumer hard drives over the last 15 to 20 years

Also Here

thanks trav, no lenovo here and it seems never will be

If one is truly concerned about privacy and security they would not be utilizing Windows in the first place.

The fact is that the onus of responsibility is on the individual to be pro-active in demanding those same freedoms and privacy from their software.

It never fails to amaze me that time and time and time and time and time again windows users always act appalled and dismayed that a company would DARE stoop to such levels. But these same people who foam at the mouth in rabid scorn do absolutely nothing to protect themselves, they react to the threat, remove the offending bit of software, post incessently for a few days on facebook and go back to the status quo until the next big fiasco plays out.

www.fsf.org/about

Yes learning to work on a new operating system is a pain. It takes thinking, and learning, and reading. Just the same as when you learned to ride a bike, operate a car, bake a cake, learned to play the guitar, and whatever your hobby is.

Well, it's challenging but painful? It doesn't have to be. Plenty of tutorials on the webs, e.g.:




And Linux gets user-friendlier every day. With Ubuntu, it's nearly a no-brainer if you just want to surf, openoffice or listen to mp3s. And if you figure out how to install hardware accelerated video drivers for watching YT videos in HD, you really feel high, being the pro linuxer you've just become!

It's also your chance to become cool, radical and extremist in the eyes of the NSA:

No system is entirely perfect: especially Ubuntu, which I strongly admonish against using just as much windows, what with it's tumultuous history with user privacy. While I've not kept up with the hullabaloo, they were using the integrated search tool in dash to serve ads from Amazon to users of their operating system in order to gain funding for their project. It just further demonstrates the point as to how careful individuals need to be.

While there are plenty of tutorials out there you obviously are comfortable with computer technologies. The vast majority of people are genuinely fearful of their computers or just outright completely ignorant of such things. It's one thing to say there's tutorials, but it's another thing entirely to dismiss the significant hurdle one must scale when coming from being handheld by windows or mac to the relatively involved and complicated *nix world of doing things.

But yeah, usability comes with a price. I mean, if you don't want to know your computer, buy Apple. They will make sure one pays a hefty price for usability and hipness. Oh, and don't take nude selfies and upload them into the cloud if you are a celebrity. Or make pics of your DMT extraction and post them here on the Nexus. I told a newbie his exact location from the GPS coordinates in the JPG.


Yes, on the other hand, Linux was really painful 15 years ago. Now it's not that different from Windows. But one can still try to get a Gentoo running.

There's been a rumour flying around for a few years that Lenovo laptops have an extremely well hidden back door, hidden in firmware on a chip. It's also been rumoured that the British (and others) intelligence services do not allow Lenovo equipment on their networks.

There's alleged links between Lenovo and the Chinese government, an indirect one, something to do with share holding.

As I say, it's just a rumour, which has always been denied from both sides. Certainly interesting though.

Peace

Macre

ok , a lenovo here , a small old netbook series S100

thankfully the factory installed windows had been deleted , after the complete format ubuntu was installed and has been running for a few years now

is this safe ?

Linux alone will not save you from the bad guys. You may also need something like coreboot. Because the backdoors can not only be in the operating system, but also in the bios, by way of System Management Mode. Knowledge of these issues is actually pretty old.

My paranoid mind has even been wondering if a network card that attaches to the pci bus can be used to do dma reads from ram entirely behind the back and out of sight of the cpu, ever since the "smart" 3com59x cards became commonplace long time ago. Knock knock who's there, broadcasting magic bytes on my lan?

Other issue: anybody who is surfing the internet and cares about the integrity of the data on their system should jail the browser software in a virtual machine. Furthermore, the personal data that is left behind by actions on the net, even by merely requesting a webpage, and that is happily picked, vacuumed and dragnetted up by the googles and nsa's and their kin, is very hard to contain.

I like linux, I've personally been using it almost exclusively for 20 years. But I think that it is not the magic bullet to fix your security issues. Real security is much too complicated for simple solutions. Linux will not do your homework for you, but it will help you if you do want to do your homework. I would advise people to choose any linux (or bsd) flavor of their liking, but to run debian rather than ubuntu though.

Custom built boxes running open/pc-BSD for me

Ugh I'm on a Lenovo too but not one of the infected ones. This laptop has given me so many issues, and the caller support was terrible. And now this!!

I had read that Lenovo made the best business laptops but I'm sure never going to get another one after this. But mine is not even a year old so I'll probably still use it for a time.

Thanks so much, I didn't see this anywhere else.

There's a tutorial for that from Ars Technica, too:

Is the Lenovo think pad affected? I have been using said laptop for a few years now. It wouldn't hurt to check it I guess.

I can't believe a computer company is doing this.

You can check here whether your computer is affected or not: https://filippo.io/Badfish/

Does anyone still use the net or phone for private things ? If yes WHY ?

If you have an ISP router ........ " THEY " OWN IT . Its at least a partial company / secret service backdoor . Is your router watching you ?

Do we use a mobile phone ? DO " THEY " OWN IT ---- >

https://firstlook.org/th...5/02/19/great-sim-heist/

Do YOU own " YOUR " hard drive ? ---- >

http://www.theregister.co.uk/2015/02/19/eu_ec_/

http://www.reuters.com/a...ng-idUSKBN0LK1QV20150216

Automatic Removal tool: http://support.lenovo.co...rity/superfish_uninstall