Comment Looked into it: it's mostly harmless (Score 1) 134

What this customer feedback tool actually does is update entries from the "event log" called "Lenovo-Customer Feedback".
If you open the Event Viewer you will see entries with a large hexadecimal string. This string is simply the text representation of the bytes of a gzip-compressed XML file.

The contents of this XML file look like this:
    <eVar3>System Update</eVar3>
    <eVar12>Windows 7 Professional</eVar12>
    <pageName>System Update</pageName>
    <timestamp>09-23-2015 19:54:13 PM</timestamp>

The value aca1232d265941f7ae2259e402ab350c is a unique ID created for the Lenovo application for the user running it. This key is stored in the registry at:
Removing it will give you a new key when events are logged.

The server URL is the server where this data will be posted to. The kind of things logged appear to be events for the various Lenovo tools, like starting and which Lenovo system update you installed. (Along with data about your hardware/OS).

Logging of events is also controlled via the registry at:
You can change the "ReportMetrics" setting for each entry to disable it, but I do not know for how long as this data might be overwritten when a new MetricCollectionSubscription.xml file is downloaded from the Lenovo servers (this is stored in C:\Users\USERNAME\AppData\Local\Lenovo\MetricCollectionSDK )

There is also a unique machine id stored at:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lenovo\Customer Feedback
This one is generated when it does not exist, and is included in "Lenovo-Customer Feedback" event entries for OmnitureSiteCatalyst. I do not know when these event entries are created.
These entries contain XML data like this:

So the collected data looks mostly harmless and somewhat anonymous, as far as posting data to a website with a stored ID can be considered harmless.

You can disable the uploading of the data by simply disabling the scheduled tasks. And of course you can try to disable the event logging completely by updating the registry.
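The decoding described in the comment above (hex text, then gzip, then XML), as an added example that is not part of the original comment or any Lenovo code: it unpacks one event entry's payload for review and flags fields shaped like the 32-hex-digit ID quoted above. The `<event>` root element, the `userId` element name and every sample value are constructed assumptions.

```python
import gzip
import re
import xml.etree.ElementTree as ET
import zlib

MAX_XML_BYTES = 1_000_000  # refuse payloads that inflate beyond this

def decode_event_payload(hex_text):
    """Hex text from an event entry -> {element name: text} of the XML inside."""
    cleaned = re.sub(r"\s+", "", hex_text)      # tolerate wrapped copy/paste
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError("event data is not a hex string") from exc
    if raw[:2] != b"\x1f\x8b":                  # gzip magic number
        raise ValueError("decoded bytes are not gzip data")
    inflater = zlib.decompressobj(31)           # wbits=31: expect a gzip header
    xml_bytes = inflater.decompress(raw, MAX_XML_BYTES)
    if not inflater.eof:                        # stream not finished within the cap
        raise ValueError("gzip stream is truncated or inflates past the cap")
    root = ET.fromstring(xml_bytes)
    # Report leaf elements only; containers carry no value of their own.
    return {el.tag: (el.text or "").strip() for el in root.iter() if len(el) == 0}

def persistent_ids(fields):
    """Names of fields whose value has the 32-hex-digit shape of a stored ID."""
    return sorted(k for k, v in fields.items()
                  if re.fullmatch(r"[0-9a-fA-F]{32}", v))

def build_sample():
    """Constructed payload: hypothetical root and userId, other fields as quoted."""
    xml = (b"<event>"
           b"<userId>0123456789abcdef0123456789abcdef</userId>"
           b"<eVar3>System Update</eVar3>"
           b"<eVar12>Windows 7 Professional</eVar12>"
           b"<pageName>System Update</pageName>"
           b"<timestamp>09-23-2015 19:54:13 PM</timestamp>"
           b"</event>")
    return gzip.compress(xml).hex()

if __name__ == "__main__":
    fields = decode_event_payload(build_sample())
    for name, value in fields.items():
        print(f"{name}: {value}")
    print("ID-shaped fields:", persistent_ids(fields))
```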

Comment Re:i think it shows trends in GitHub's demographic (Score 4, Informative) 132

> java usage has increased at GitHub, but this more likely reflects greater adoption of GitHub by the business community.

Not to forget that Google Code is closing, Codehaus closed, becomes more shit every day. They housed a lot of Java projects, and they are moving to alternatives like GitHub.

Comment Re:Latest update (Score 1) 222

Additional update (from the article):

Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Koch’s project

Comment Not really an 0day exploit (Score 5, Informative) 83

Either way, @LizardMafia's Tor relay attack isn't new. There's a paper on how Tor loses anonymity if over 50% of relays are compromised.

I was going to go with botnet, but many LizardNSA relay IPs appear to route back to Google Cloud. Thousands of tiny VMs at low bandwidth?

You can see this whole list of Tor nodes here:
All Lizard nodes resolve to *
