[GTALUG] Fw: [Cryptography] Lenovo laptops with preloaded adware and an evil CA

Digimer lists at alteeve.ca
Fri Feb 20 02:09:02 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 19/02/15 08:41 PM, William Muriithi wrote:
> ‎Evening,
> 
> Forwarding this to this list as I am aware thinkpad is popular.
> Looks though like Lenovo is shipping a really dirty adware
> 
> How can they have fallen for this?
> 
> Regards,
> 
> William

It is inexcusable and I will not defend their actions, regardless of
the reasoning.

To entertain a guess at your question though;

The laptop market has extremely tight profit margins and is fairly
saturated with both boutique and budget players. I suspect someone
behind Superfish came to Lenovo offering a very sweet bundling deal.
So sweet, that the people responsible for vetting software partners
didn't want to look too closely because they didn't want to risk
finding a reason to say no.

This will hurt Lenovo, badly. Given their initial presser claiming to
have reviewed the issue and that they found no significant security
concern is worse than laughable. They had an opportunity to get out
ahead of this PR crisis with a good explanation and a genuine sounding
"mea culpa", but instead they effectively "double-downed" on their
position that is a non-issue. That shows either embarrassing levels of
incompetence at best or wilful desire to sacrifice their customer
safety in the interest of saving face at worst.

tl;dr: They got handed a bag of money and then dun goofed when it blew
up in their face.

- -- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU5pc+AAoJECChztQA3mh0Kj0P/3onjcLNox8jEUmwfS4qrDxf
Wy9FoKWCX5n7L7W8Sv6SkLKG+AwwSGGVx12sKDOztEooRD9a8kp1NOlO+6m50FyM
vrNIyrrH5FQXyIU5dgUcZnWqd6Qx+u8lwOMeeuKhSahrdX1mV8YmYQHbxybcLmPS
MQz6zC9Th54EG3aaEJDzui7C9wZl4JHDgx+e7aaSJQ7KkGqh/ngBvWrdpqY6QVur
p48D7NoaqP7LY6AXfAIHxM22focA+DC6/mF7NP/znf0eFyUSCRaUCSg3ndSTpKGK
saBJ0Pk6SbIbwA1nz8FGlnA7NNLeywK1B/mrMpAR4Mydj74j1DRjCMNYAFUF+9Bm
jeiz1uCaG66aCEGvSBIgzzdE2PW8GKVQ0LiQh6y3TuYwhlnd0ow0ApikTvATDUbp
c5ZfcB1T7/R1TanHNxGfInIE/PGwfRW5oHA4r6+9VT85VoKrLfROoQJ5tVfrcbdB
5PqTsnCyJv74PHSQQmgP9tqI//urut9Rc1JMrBV8g3ZadIleSqsijezFBgYhDa2J
Zm+LPTp90a73jXXyPODJxqtBT6kPSUFuvUdbAmBzs+pvjc5p2KW+f1PU0Gx2kVU7
AGUfcf1ze0n+SPtvmjqtPQH3b9mB1ojnY0luXyZb1Up+4YZZ3/zivm4S6x+h7eU8
Rk1G26nMsxCZjQ9TgmC+
=MMUY
-----END PGP SIGNATURE-----


More information about the talk mailing list