TBD

TBD on Ning

Just in case ....


Lenovo: massive security risk found



8 hrs ago

Lenovo © Getty Images Lenovo

The Chinese PC manufacturer Lenovo has been accused of running a "massive security risk" after researchers found flaws in its software.

Three vulnerabilities could be exploited to install malware on users' systems or to hand attackers a measure of control over them, it was reported.

Lenovo acknowledged the findings and urged users to download a patch to resolve the issues.

The news follows revelations about pre-installed adware on Lenovo systems.

The vulnerabilities were discovered by researchers at security firm IOActive, who alerted Lenovo to them in February this year.

The patch was released in April, but the researchers' findings were only made public this week.

Flaws

One flaw would allow both local and remote attackers to "bypass signature validation checks and replace trusted Lenovo applications with malicious applications", the researchers found.

That might have exposed Lenovo users to so-called "coffee shop attacks", in which attackers hijack a connection to a public wi-fi network.

The attacker could "exploit this to swap Lenovo's executables with a malicious executable", the researchers wrote.

The other two flaws would allow attackers to gain a greater level of control over a system than they should have.

That would potentially allow them to run malicious commands, according to Prof Alan Woodward, a security expert at Surrey university.

"Lenovo have been found wanting again on the security front," he said.

"They seem to be exposing users to potential remote hacking this time."

'Very disappointing'

Prof Woodward said that, following February's reports that Lenovo had exposed users with adware installed on its systems, the latest revelations were "very disappointing".

Lenovo was building a "lamentable record for security", he added.

The firm was forced to remove hidden "Superfish" adware that had been pre-installed on its machines, potentially compromising users' security.

It offered customers a tool to remove the software, which has been likened to malware in the way it interacts with systems.

A Lenovo spokesman said that its development and security teams had worked with IOActive on the vulnerabilities it found in Lenovo's system update feature.

The researchers gave Lenovo time to fix the problems before their findings were made public.

The computer manufacturer added that users would now be prompted to install the updates.

"Alternatively, users may manually update System Update as described in the security advisory," it said.

"Lenovo recommends that all users update System Update to eliminate the vulnerabilities reported by IOActive."

Views: 163

Replies to This Discussion

So if someone were in the market for a laptop, what would your suggestions be?  Ya know for a casual user like me.   

i like asus .. and even if you buy somethin else there's still a good chance it will have some asus parts in it anyway .. and if you shop around and know what you're lookin for as far as memory , processor and ram pound for pound and dollar for dollar asus stacks up pretty good .. it may not be the cheapest but its far from the most expensive .. of course i'm speakin of windows machines now .. not apples .. or macs .. a mac will cost you at least twice as much for the same processor speed , memory and ram .. but they ain't the target of so many hackers .. yet .. cause they don't have but 10% of the market and them phishers like to go where they can catch the most phish .. i'm sure once you learn the programs on an apple they work just as well as windows tho .. just different .. it all comes down to how much you wanna pay and how much you wanna change programs .. 

by the way...if all someone wants is a gramma computer to check email etc, frys has a dell with a celeron processor for 188 bucks.

sort of depends on what you want to spend too. i second frenchy on the asus laptops...but i also confess a fondness for hp as a descendant of compaq. compaq's stated mission was to produce a computer that all programs would work on without glitching. dell's are famous for installing a program and then another program won't work after that install. you can shop for pricing by checking places like office depot, costco and frys. and there is one on a sale at costco that is a deal. that one comes with windows 7 12gb of ram, an i5 processor and a tb drive.

http://www.costco.com/HP-Pavilion-17-Laptop-|-Intel-Core-i5-|-2-GB-Graphics-|-Windows-7-Professional.product.100163216.html?catalogId=10701&keyword=994741&langId=-1&storeId=10301&refine=

http://www.costco.com/CatalogSearch?storeId=10301&catalogId=107...

http://officedepot.shoplocal.com/OfficeDepot/Entry/LandingContent?s...

http://www.frys.com/ads/view-all-store-ads?topbannertop010115

http://www.frys.com/ads/page101#AdNavi

i bought the hp 17 inch from costco. bought elsewhere it would be a LOT more

RSS

Badge

Loading…

© 2024   Created by Aggie.   Powered by

Badges  |  Report an Issue  |  Terms of Service