LinuxHam - Slashdot User

Submission + - Lenovo Accused of Pushing Self-signed MITM Proxy (zdnet.com) 2

Submitted by jones_supa on Thursday February 19, 2015 @04:30AM

jones_supa writes: More OEM crapware coming at you. Chinese hardware manufacturer Lenovo has come under fire for allegedly shipping consumer Windows laptops with software that hijacks secure website connections, as well as inserting ads into search results. The software is called "Superfish" and it installs its own self-signed root certificate authority. Superfish comes with Lenovo consumer products only, and is a technology that helps users "find and discover products visually". The technology instantly analyzes images on the web and presents identical and similar product offers. Google's Chris Palmer has been analyzing the issue on a Yoga 2 laptop. He has confirmed with one other affected user that the certificates used share the same key, which leaves any impacted Lenovo user vulnerable to an attack from anyone able to extract the certificate's private key, with the user left without any warning or notice of such an attack. Superfish can be uninstalled, but it reportedly leaves the root certificate authority behind. On a new laptop, the software can be disabled simply by not accepting the Terms of User and Privacy Policy on initial setup.

Comment Re:In defense of Gov Christie (Score 2) 740

by Phil Karn on Monday February 02, 2015 @08:16PM (#48963937) Attached to: New Jersey Gov. Christie: Parents Should Have Choice In Vaccinations

Then maybe, as a highly visible public official, he should have kept his mouth shut until he'd consulted the public health people who actually know what they're talking about. I suspect he knows how to use a telephone.

Comment This is ridiculous (Score 1) 236

by Phil Karn on Tuesday January 27, 2015 @02:09PM (#48916087) Attached to: White House Drone Incident Exposes Key Security Gap

God forbid that some poor kid ever accidentally knock a softball over the White House fence. He'd never escape Gitmo.

Comment Re:Early fragmentation (Score 1) 492

by metamatic on Sunday January 25, 2015 @07:06PM (#48900921) Attached to: Ask Slashdot: Is Pascal Underrated?

while there were various decent, proprietary, dialects that let you actually write code that did stuff, *standard* Pascal was as much use as a chocolate teapot

And that's still a problem today. There's no standard for OO Pascal, and the ANSI Pascal standards have been moribund since 1990.

That's why I abandoned Pascal (and Modula-2): I didn't want to get locked in to a single vendor.

Comment Re:That is not "free" software (Score 1) 75

by metamatic on Sunday January 18, 2015 @11:59AM (#48844713) Attached to: The Free Educational Software GCompris Comes To Android

More to the point, Android is an open source and freely redistributable platform.

Comment Re:How do things need to change to live with syste (Score 2) 551

by metamatic on Friday January 16, 2015 @08:47PM (#48835917) Attached to: Systemd's Lennart Poettering: 'We Do Listen To Users'

There was no GPL purge.

Thanks, Baghdad Bob, but I've been monitoring the purge for some time.

Comment Re:How do things need to change to live with syste (Score 2) 551

by metamatic on Friday January 16, 2015 @04:59PM (#48833983) Attached to: Systemd's Lennart Poettering: 'We Do Listen To Users'

Samba is no longer used in Mac OS X.

Apple got rid of it as part of their GPL software purge.

Comment Re:Benchmarks for that AMD chip look bad... (Score 1) 180

by SQL Error on Wednesday January 14, 2015 @08:31PM (#48815599) Attached to: Tiny Fanless Mini-PC Runs Linux Or Windows On Quad-core AMD SoC

Check the single-threaded performance - AMD is 50% faster than Intel.

(Not often you get to say that these days....)

Comment Re:WTF (Score 5, Insightful) 319

by SQL Error on Monday January 12, 2015 @06:24AM (#48791687) Attached to: Several European Countries Lay Groundwork For Heavier Internet Censorhip

Freedom of speech is the freedom to offend. Speech that offends no-one needs no protection.

Comment Re:Floppy drives (Score 1) 790

by Phil Karn on Sunday January 11, 2015 @01:35AM (#48785251) Attached to: Ask Slashdot: Sounds We Don't Hear Any More?

Not having gone to MIT myself, I always wondered if the MIT phone system really had the following error recording?

I'm sorry, you've reached an imaginary number at the Massachusetts Institute of Technology. Please rotate your dial 90 degrees and try your call again.

Comment Line printers (Score 3, Interesting) 790

by Phil Karn on Sunday January 11, 2015 @01:27AM (#48785225) Attached to: Ask Slashdot: Sounds We Don't Hear Any More?

Others have already mentioned the dot-matrix printer, but there was a big one before that: the high speed line printer. They were too expensive for individuals, but they certainly were a familiar sound to 1970s programming students like me.

There were two main types: the drum printer and the chain printer. The drum printer was cheaper and therefore much more common. The drum, which contained all the characters in a given font, rotated once for each row printed. An entire row was printed simultaneously; a separate solenoid-driven hammer in each column fired at the right instant to print the desired character in that column. You could easily tell from across the room whether your program had failed to compile or if execution ended with a core (!) dump. The burst pages between jobs had their own highly characteristic sound.

A related sound is that of ripping fanfold line printer paper to separate jobs. Who uses any kind of fanfold paper these days? Or even paper...?

Oh, and let's not forget the sound of the Hollerith (IBM punch card) reader...

Comment Re:It is not illegal to lie (Score 4, Insightful) 172

by SQL Error on Thursday January 08, 2015 @08:55PM (#48770679) Attached to: Canadian Copyright Notice-and-Notice System: Citing False Legal information

It may be illegal to lie for gain, particularly for a corporation, depending on the precise details of the case. They're opening themselves up to criminal charges, not to mention civil lawsuits.

Finnish KRP Questions Suspected Lizard Squad Member 62

Posted by timothy on Thursday January 01, 2015 @02:39PM from the breaking-off-the-tail dept.

An anonymous reader writes Coming on the heels of the UK arrest of Vinnie Omari, Yle reports that Finnish police have interviewed "Ryan", the Finland-based hacker reportedly responsible for hacking the PlayStation and Xbox networks on Christmas day, but have not arrested him — contrary to reports in the international media (such as Washington Post). Lizard Squad had tweeted that the Finland-based hacker had been detained. Chief Inspector Tero Muurman of Keskusrikospoliisi (Finnish National Bureau of Investigation) confirmed Yle that reports of "Ryan" having been detained were wide of the mark. He had been interviewed at the start of the week, but then released. Finnish police are continuing their probe and co-operating closely with the FBI.

Thunderbolt Rootkit Vector 163

Posted by Soulskill on Tuesday December 23, 2014 @03:46PM from the like-USB-but-better dept.

New submitter Holi sends this news from PC World: Attackers can infect MacBook computers with highly persistent boot rootkits by connecting malicious devices to them over the Thunderbolt interface. The attack, dubbed Thunderstrike, installs malicious code in a MacBook's boot ROM (read-only memory), which is stored in a chip on the motherboard. It was devised by a security researcher named Trammell Hudson based on a two-year old vulnerability and will be demonstrated next week at the 31st Chaos Communication Congress in Hamburg.

Comment Are they still down? (Score 4, Insightful) 360

by Phil Karn on Tuesday December 23, 2014 @12:00AM (#48657641) Attached to: North Korean Internet Is Down

Is NK still off the net? About a half hour ago I had no trouble reaching the sites www.kcna.kp - 175.45.177.74 / 175.45.176.71 naenara.com.kp - 175.45.176.67 / 175.45.177.77 According to https://www.northkoreatech.org..., both sites are physically hosted inside North Korea. I see that both are in the 175.45.176.0/22 block that whois says is assigned to North Korea, and traceroute shows an extra latency (satellite hop?) for that network past China. Is that their only net block? A /22 is 1024 addresses, which I keep hearing is the total number for the entire country.

Slashdot Top Deals