Lenovo - if it's on your network, you ARE breached.
-
Excuse me a minute while I have a @JaredBusch and @scottalanmiller combination moment here.
FFS people, I'd testify to this in court!
-
Superfish was not only in the factory image, it's also contained in the hardware drivers. No amount of anything will protect you from the drivers! Trying to use a generic driver disables the hardware. Known issue with wifi chips from Lenovo.
-
BIOS access. Yes, every server has a way to do remote management of said server. Nobody, other than Lenovo, has BIOS level access via a hard coded url and single password for every single box. Yes, they fixed it by changing the password.
On top of those ongoing issues are the lies and half-truths they're always pushing. Like the "No business class machines have Superphish" when they had just reclassified all the lines of business machines that had it to consumer 5 days before.
Using Lenovo is itself a data breach. They haven't properly fixed any of this yet!
I also wanted a single place to go in order to get this information collated and more publicized. Let me know everything I've forgotten or messed up!
-
-
I have always been skeptical of them even before superfish. Something just didnt add up with them.
-
I just warned 3 people off Lenovo yesterday.
-
The OP should be updated with links to credible news stories talking about the listed issues.
Not because the OP is wrong, but because to most, this is just a random tech website, where there is no proof that there is no ax to grind, etc. So linking to credible news sources (several would be better) helps ensure the reader of the validity of the claims here. -
Confirmed OP is a Dell fanboi
-
I have not had Lenovo in my systems ever!!
-
Sigh. This is something I bring up anytime someone says 'Lenovo'. We buy nothing but Lenovo and I'm very close to having a seizure at work.
-
The saying, you get what you pay for.
Network full of viruses! -
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
The OP should be updated with links to credible news stories talking about the listed issues.
Not because the OP is wrong, but because to most, this is just a random tech website, where there is no proof that there is no ax to grind, etc. So linking to credible news sources (several would be better) helps ensure the reader of the validity of the claims here.Yup
-
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
The OP should be updated with links to credible news stories talking about the listed issues.
Not because the OP is wrong, but because to most, this is just a random tech website, where there is no proof that there is no ax to grind, etc. So linking to credible news sources (several would be better) helps ensure the reader of the validity of the claims here.I'd love to, but most of the claims I've made have originated right here, and been later confirmed by myself testing on an X220 which has since been given the Office Space treatment. I'd love some external confirmation!
-
@eddiejennings said in Lenovo - if it's on your network, you ARE breached.:
Confirmed OP is a Dell fanboi
HP, Dell, SuperMicro, Huaway, just about anything other than Lenovo, yes.
-
@dashrender said in Lenovo - if it's on your network, you ARE breached.:
The OP should be updated with links to credible news stories talking about the listed issues.
Not because the OP is wrong, but because to most, this is just a random tech website, where there is no proof that there is no ax to grind, etc. So linking to credible news sources (several would be better) helps ensure the reader of the validity of the claims here.I'll also note that this all came to light while a used X220 was being shipped to me, so yes, I have an axe to grind, but I've also personally seen this stuff happen.
-
@wirestyle22 said in Lenovo - if it's on your network, you ARE breached.:
Sigh. This is something I bring up anytime someone says 'Lenovo'. We buy nothing but Lenovo and I'm very close to having a seizure at work.
You are at a job where people should be in jail for that.
-
-
@scottalanmiller said in Lenovo - if it's on your network, you ARE breached.:
@wirestyle22 said in Lenovo - if it's on your network, you ARE breached.:
Sigh. This is something I bring up anytime someone says 'Lenovo'. We buy nothing but Lenovo and I'm very close to having a seizure at work.
You are at a job where people should be in jail for that.
Hopefully not for long
-
This is an issue when using Windows only?
-
@black3dynamite said in Lenovo - if it's on your network, you ARE breached.:
This is an issue when using Windows only?
No, everything.
Superfish is included with the wifi drivers to a point that the wireless chips will not work without it. As for the BIOS level access, well, that's as bad as it gets.
-
@travisdh1 said in Lenovo - if it's on your network, you ARE breached.:
@black3dynamite said in Lenovo - if it's on your network, you ARE breached.:
This is an issue when using Windows only?
No, everything.
Superfish is included with the wifi drivers to a point that the wireless chips will not work without it. As for the BIOS level access, well, that's as bad as it gets.
I don't know what Wi-Fi chipset you have; however, we have the direct from Intel drivers so if SuperFish is included here I don't think that is a Lenovo issue.
-
@travisdh1 said in Lenovo - if it's on your network, you ARE breached.:
@eddiejennings said in Lenovo - if it's on your network, you ARE breached.:
Confirmed OP is a Dell fanboi
HP, Dell, SuperMicro, Huaway, just about anything other than Lenovo, yes.
Ha!
-
@donaldlandru said in Lenovo - if it's on your network, you ARE breached.:
@travisdh1 said in Lenovo - if it's on your network, you ARE breached.:
@black3dynamite said in Lenovo - if it's on your network, you ARE breached.:
This is an issue when using Windows only?
No, everything.
Superfish is included with the wifi drivers to a point that the wireless chips will not work without it. As for the BIOS level access, well, that's as bad as it gets.
I don't know what Wi-Fi chipset you have; however, we have the direct from Intel drivers so if SuperFish is included here I don't think that is a Lenovo issue.
That's great, you're entire network has already been pwnd tho, thanks to that absolutely assinine BIOS code.
