Saturday, February 21, 2015

What a mess with Lenovo's SuperFish!

"Sorry". "We're so sorry". "We were wrong". Computer maker Lenovo is immersed in one of its darkest episodes, after it was discovered that their laptops have an "adware" by default which, besides filling their new customers' screens with unwanted advertising, makes them vulnerable to attacks. The company cries on social networks, trying to seem simple humans that have made a mistake. But people don't attend crying when it's about their security.

Tom's fish (CC BY 2.0)
"You cannot manage it just sending a tweet. We want to see real consequences. There must be some executives who have been responsible for this and should resign", was one of the hard answers that received Lenovo's contrition on Twitter. The company has quickly issued a tool to remove the "adware", incidentally named Superfish. Lenovo CTO made things worst when he qualified experts' accusations as "only theoretical". Those accusations said that Superfish opens security holes on computers, and now Errata Security has proved it.

Another company that has trouble this week it's routers' manufacturer Comtrend. The founder of search engine Shodan, John Matherly, discovered that Comtrend sold over 250,000 routers to Telefónica de España, and thousands on many other countries, all with the same SSH keys. This means that if a criminal knows one router's key, can decrypt SSH communications of all, if they are not blocked by their provider's remote management system, which are a lot of them. In this case, there have been no tears nor comments from any of the involved companies.

Those who should cry are Android phone users, increasingly surrounded by viruses. The latter, called PowerOffHijack, kidnaps the mobile's shutdown and continues stealing data or spying us while we believe mobile is off. Those who also cry, too long ago, are movie studios who see their films systematically pirated. Some decided to turn the tables and convert the amounts of downloads on stats about which movies are more popular. Thus, according to the Irdeto ranking, so far this year the winner is ... "American Sniper".

Good suggestion to have a pleasant time at the movies this weekend.


Post a Comment