We've Moved! Visit our NEW FORUM to join the latest discussions. This is an archive of our previous conversations...

You can find the login page for the old forum here.
CHATPRIVACYDONATELOGINREGISTER
DMT-Nexus
FAQWIKIHEALTH & SAFETYARTATTITUDEACTIVE TOPICS
12NEXT
[WARNING] Lenovo laptop users at risk! Options
 
The Traveler
#1 Posted : 2/19/2015 2:59:19 PM

"No, seriously"

Administrator | Skills: DMT, LSD, Programming

Posts: 7324
Joined: 18-Jan-2007
Last visit: 02-Nov-2024
Location: Orion Spur
This is a warning for all users who use a Lenovo laptop of the following series (known at this moment, but can include more in the future):
Lenovo Y50, Z40, Z50 en G50, Yoga 2 Pro.

Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections

Ars Technica wrote:
Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.


Technically this means that due to this 'Superfish' software attackers may be able to make look-a-like HTTPS websites like banks but also the DMT-Nexus. This is a severe security issue!

You have to uninstall the Superfish software, but that alone will not remove the certificate. To remove the certificate, you must do the following:

Run mmc.exe
Go to File -> Add/Remove Snap-in
Pick Certificates, click Add
Pick Computer Account, click Next
Pick Local Computer, click Finish
Click OK
Look under Trusted Root Certification Authorities -> Certificates
Find the one issued to Superfish and delete it.

If you are really paranoid, the best solution would be to reformat your laptop and install Windows with Microsoft media, not the factory recovery stuff.


Kind regards,

The Traveler
 

Live plants. Sustainable, ethically sourced, native American owned.
 
boogerz
#2 Posted : 2/19/2015 3:25:54 PM

DMT-Nexus member


Posts: 371
Joined: 25-Jan-2012
Last visit: 07-Feb-2024
We were just mentioning that you havent been around much but you're like a superhero.
Cool
 
Jorkest
#3 Posted : 2/19/2015 3:35:01 PM

DMT-Nexus member

Moderator | Skills: Extraction Troubleshooting, (S)elf ProgrammingChemical expert | Skills: Extraction Troubleshooting, (S)elf Programming

Posts: 4342
Joined: 02-Oct-2008
Last visit: 19-Jan-2024
trav ..good work!
it's a sound
 
steppa
#4 Posted : 2/19/2015 3:41:49 PM

DMT-Nexus member


Posts: 970
Joined: 01-Dec-2012
Last visit: 01-Mar-2024
It's great how this place cares about it's users. Although I'm not afflicted...thanks for this! Love
Everything is always okay in the end, if it's not, then it's not the end.
 
cyb
#5 Posted : 2/19/2015 4:44:19 PM

DMT-Nexus member

Moderator | Skills: Digi-Art, DTP, Optical tester, Mechanic, CarpenterSenior Member | Skills: Digi-Art, DTP, Optical tester, Mechanic, Carpenter

Posts: 3574
Joined: 18-Apr-2012
Last visit: 05-Feb-2024
 
smokerx
#6 Posted : 2/19/2015 7:33:09 PM

ThGiL fO TiRipS


Posts: 2021
Joined: 26-Feb-2011
Last visit: 07-Feb-2023
Location: Earth
thanks trav, no lenovo here and it seems never will be Smile
We are each of us angels with only one wing, and we can only fly by embracing one another.

*********

We are all living in our own feces.
 
OrionFyre
#7 Posted : 2/19/2015 7:55:45 PM

DMT-Nexus member


Posts: 247
Joined: 09-Feb-2014
Last visit: 08-May-2021
The Traveler wrote:
If you are really paranoid, the best solution would be to reformat your laptop and install Windows with Microsoft media, not the factory recovery stuff.

If one is truly concerned about privacy and security they would not be utilizing Windows in the first place.

The fact is that the onus of responsibility is on the individual to be pro-active in demanding those same freedoms and privacy from their software.

It never fails to amaze me that time and time and time and time and time again windows users always act appalled and dismayed that a company would DARE stoop to such levels. But these same people who foam at the mouth in rabid scorn do absolutely nothing to protect themselves, they react to the threat, remove the offending bit of software, post incessently for a few days on facebook and go back to the status quo until the next big fiasco plays out.

www.fsf.org/about

Yes learning to work on a new operating system is a pain. It takes thinking, and learning, and reading. Just the same as when you learned to ride a bike, operate a car, bake a cake, learned to play the guitar, and whatever your hobby is.
Roses are red
Violets are blue
Take the third hit
Then youuu....
 
Ufostrahlen
#8 Posted : 2/19/2015 8:36:51 PM

xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ


Posts: 1716
Joined: 23-Apr-2012
Last visit: 23-Jan-2017
OrionFyre wrote:
Yes learning to work on a new operating system is a pain. It takes thinking, and learning, and reading. Just the same as when you learned to ride a bike, operate a car, bake a cake, learned to play the guitar, and whatever your hobby is.

Well, it's challenging but painful? It doesn't have to be. Plenty of tutorials on the webs, e.g.:




And Linux gets user-friendlier every day. With Ubuntu, it's nearly a no-brainer if you just want to surf, openoffice or listen to mp3s. And if you figure out how to install hardware accelerated video drivers for watching YT videos in HD, you really feel high, being the pro linuxer you've just become! Razz

It's also your chance to become cool, radical and extremist in the eyes of the NSA:

Quote:
According to a report first published in German on Tagesschau on July 3 and followed up by an English language report on DasErste, Linux users are an area of specific interest for surveillance. The report details rules in the XKeyscore source code that identify visitors to the Linux Journal Website, the Tor Onion Router site as well as the Tails Linux distribution site. NSA's interest in Tor has been previously documented in an October 2013 report.

"Learning about Linux is not a crime—but don't tell the NSA that," the EFF stated. "Everyone needs privacy and security, online and off."
http://www.eweek.com/sec...s-on-nsa-watch-list.html


Internet Security: PsilocybeChild's Internet Security Walk-Through(1)(2)(3)(4)(5)(6)(7)(8)
Search the Nexus with disconnect.me (anonymous Google search) by adding "site:dmt-nexus.me" (w/o the ") to your search.
 
OrionFyre
#9 Posted : 2/19/2015 9:05:04 PM

DMT-Nexus member


Posts: 247
Joined: 09-Feb-2014
Last visit: 08-May-2021
Ufostrahlen wrote:
With Ubuntu, it's nearly a no-brainer if you just want to surf, openoffice or listen to mp3s.

No system is entirely perfect: especially Ubuntu, which I strongly admonish against using just as much windows, what with it's tumultuous history with user privacy. While I've not kept up with the hullabaloo, they were using the integrated search tool in dash to serve ads from Amazon to users of their operating system in order to gain funding for their project. It just further demonstrates the point as to how careful individuals need to be.

While there are plenty of tutorials out there you obviously are comfortable with computer technologies. The vast majority of people are genuinely fearful of their computers or just outright completely ignorant of such things. It's one thing to say there's tutorials, but it's another thing entirely to dismiss the significant hurdle one must scale when coming from being handheld by windows or mac to the relatively involved and complicated *nix world of doing things.
Roses are red
Violets are blue
Take the third hit
Then youuu....
 
Ufostrahlen
#10 Posted : 2/19/2015 9:21:20 PM

xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ


Posts: 1716
Joined: 23-Apr-2012
Last visit: 23-Jan-2017
OrionFyre wrote:
No system is entirely perfect: especially Ubuntu, which I strongly admonish against using just as much windows, what with it's tumultuous history with user privacy. While I've not kept up with the hullabaloo, they were using the integrated search tool in dash to serve ads from Amazon to users of their operating system in order to gain funding for their project. It just further demonstrates the point as to how careful individuals need to be.


Code:
sudo apt-get remove unity-lens-shopping


Big grin But yeah, usability comes with a price. I mean, if you don't want to know your computer, buy Apple. They will make sure one pays a hefty price for usability and hipness. Oh, and don't take nude selfies and upload them into the cloud if you are a celebrity. Or make pics of your DMT extraction and post them here on the Nexus. I told a newbie his exact location from the GPS coordinates in the JPG.

OrionFyre wrote:
While there are plenty of tutorials out there you obviously are comfortable with computer technologies. The vast majority of people are genuinely fearful of their computers or just outright completely ignorant of such things. It's one thing to say there's tutorials, but it's another thing entirely to dismiss the significant hurdle one must scale when coming from being handheld by windows or mac to the relatively involved and complicated *nix world of doing things.

Yes, on the other hand, Linux was really painful 15 years ago. Now it's not that different from Windows. But one can still try to get a Gentoo running. Laughing

Quote:
UbuntuPre-installed

This is a comprehensive list of hardware suppliers who sell computers with Ubuntu pre-installed with details on what hardware they supply along with whether they rely only on free drivers/firmware. Companies should be listed by where they ship to, not by where they operate from.

https://help.ubuntu.com/...nity/UbuntuPre-installed

Internet Security: PsilocybeChild's Internet Security Walk-Through(1)(2)(3)(4)(5)(6)(7)(8)
Search the Nexus with disconnect.me (anonymous Google search) by adding "site:dmt-nexus.me" (w/o the ") to your search.
 
Macre
#11 Posted : 2/19/2015 9:38:09 PM

DMT-Nexus member

Senior Member

Posts: 746
Joined: 30-Sep-2009
Last visit: 04-Apr-2024
Location: United Kingdom of Hyperspace
There's been a rumour flying around for a few years that Lenovo laptops have an extremely well hidden back door, hidden in firmware on a chip. It's also been rumoured that the British (and others) intelligence services do not allow Lenovo equipment on their networks.

There's alleged links between Lenovo and the Chinese government, an indirect one, something to do with share holding.

As I say, it's just a rumour, which has always been denied from both sides. Certainly interesting though.

Peace

Macre
All things stated within this website by myself are expressly intended for entertainment purposes only.

All people in general, and users of this site are encouraged by myself, other members, and DMT-Nexus, to know and abide by the laws of the jurisdiction in which they are situated.

I, other members, and DMT-Nexus, do not condone or encourage the use, supply, or production of illegal drugs or controlled substances in any way whatsoever.

 
Jin
#12 Posted : 2/19/2015 11:28:01 PM

yes


Posts: 1808
Joined: 29-Jan-2010
Last visit: 30-Dec-2023
Location: in the universe
ok , a lenovo here , a small old netbook series S100

thankfully the factory installed windows had been deleted , after the complete format ubuntu was installed and has been running for a few years now

is this safe ?
illusions !, there are no illusions
there is only that which is the truth
 
pitubo
#13 Posted : 2/20/2015 1:06:44 AM

dysfunctional word machine

Senior Member

Posts: 1831
Joined: 15-Mar-2014
Last visit: 11-Jun-2018
Location: at the center of my universe
Linux alone will not save you from the bad guys. You may also need something like coreboot. Because the backdoors can not only be in the operating system, but also in the bios, by way of System Management Mode. Knowledge of these issues is actually pretty old.

My paranoid mind has even been wondering if a network card that attaches to the pci bus can be used to do dma reads from ram entirely behind the back and out of sight of the cpu, ever since the "smart" 3com59x cards became commonplace long time ago. Knock knock who's there, broadcasting magic bytes on my lan?

Other issue: anybody who is surfing the internet and cares about the integrity of the data on their system should jail the browser software in a virtual machine. Furthermore, the personal data that is left behind by actions on the net, even by merely requesting a webpage, and that is happily picked, vacuumed and dragnetted up by the googles and nsa's and their kin, is very hard to contain.

I like linux, I've personally been using it almost exclusively for 20 years. But I think that it is not the magic bullet to fix your security issues. Real security is much too complicated for simple solutions. Linux will not do your homework for you, but it will help you if you do want to do your homework. I would advise people to choose any linux (or bsd) flavor of their liking, but to run debian rather than ubuntu though.
 
1ce
#14 Posted : 2/20/2015 1:24:48 AM

Communications-Security Analyst


Posts: 1280
Joined: 17-Aug-2014
Last visit: 05-Feb-2024
Location: Nirvana
Custom built boxes running open/pc-BSD for me Pleased
 
RAM
#15 Posted : 2/20/2015 5:34:48 AM

Hail the keys!


Posts: 553
Joined: 30-Aug-2014
Last visit: 07-Nov-2022
Ugh I'm on a Lenovo too but not one of the infected ones. This laptop has given me so many issues, and the caller support was terrible. And now this!!

I had read that Lenovo made the best business laptops but I'm sure never going to get another one after this. But mine is not even a year old so I'll probably still use it for a time.

Thanks so much, I didn't see this anywhere else.
"Think for yourself and question authority." - Leary

"To step out of ideology - it hurts. It's a painful experience. You must force yourself to do it." - Žižek
 
Ufostrahlen
#16 Posted : 2/20/2015 6:56:09 AM

xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ


Posts: 1716
Joined: 23-Apr-2012
Last visit: 23-Jan-2017
The Traveler wrote:
If you are really paranoid, the best solution would be to reformat your laptop and install Windows with Microsoft media, not the factory recovery stuff.

There's a tutorial for that from Ars Technica, too:

Quote:
Save yourself from your OEM’s bad decisions with a clean install of Windows 8.1
The safest way to escape from Superfish is to wipe your PC yourself. Here's how.
http://arstechnica.com/g...nstall-of-windows-8-1/1/
Internet Security: PsilocybeChild's Internet Security Walk-Through(1)(2)(3)(4)(5)(6)(7)(8)
Search the Nexus with disconnect.me (anonymous Google search) by adding "site:dmt-nexus.me" (w/o the ") to your search.
 
Gone-and-Back
#17 Posted : 2/20/2015 12:19:42 PM
DMT-Nexus member


Posts: 876
Joined: 20-Apr-2012
Last visit: 12-Feb-2019
Is the Lenovo think pad affected? I have been using said laptop for a few years now. It wouldn't hurt to check it I guess.

I can't believe a computer company is doing this.
Everything published by Gone-and-Back are the mad rantings and ravings of a mind who yearns to be free and thinks he knows what he is talking about. However, these are just delusions made to feel that freedom, because that freedom will never come. Any experiments done are purely figments of the imagination, and are falsified to the highest degree. Nothing should be taken seriously from a crazy mans mind.
 
Ufostrahlen
#18 Posted : 2/20/2015 12:26:08 PM

xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ


Posts: 1716
Joined: 23-Apr-2012
Last visit: 23-Jan-2017
Gone-and-Back wrote:
Is the Lenovo think pad affected? I have been using said laptop for a few years now. It wouldn't hurt to check it I guess.

You can check here whether your computer is affected or not: https://filippo.io/Badfish/
Internet Security: PsilocybeChild's Internet Security Walk-Through(1)(2)(3)(4)(5)(6)(7)(8)
Search the Nexus with disconnect.me (anonymous Google search) by adding "site:dmt-nexus.me" (w/o the ") to your search.
 
GOD
#19 Posted : 2/20/2015 2:39:32 PM
DMT-Nexus member


Posts: 290
Joined: 18-Jan-2008
Last visit: 13-Feb-2016
Does anyone still use the net or phone for private things ? If yes WHY ?

If you have an ISP router ........ " THEY " OWN IT . Its at least a partial company / secret service backdoor . Is your router watching you ?

Do we use a mobile phone ? DO " THEY " OWN IT ---- >

https://firstlook.org/th...5/02/19/great-sim-heist/

Do YOU own " YOUR " hard drive ? ---- >

http://www.theregister.co.uk/2015/02/19/eu_ec_/

http://www.reuters.com/a...ng-idUSKBN0LK1QV20150216





I am autism spectum ........ please dont burn me at the stake for being honest .
 
Ufostrahlen
#20 Posted : 2/21/2015 12:06:49 PM

xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ


Posts: 1716
Joined: 23-Apr-2012
Last visit: 23-Jan-2017
Automatic Removal tool: http://support.lenovo.co...rity/superfish_uninstall
Internet Security: PsilocybeChild's Internet Security Walk-Through(1)(2)(3)(4)(5)(6)(7)(8)
Search the Nexus with disconnect.me (anonymous Google search) by adding "site:dmt-nexus.me" (w/o the ") to your search.
 
12NEXT
 
Users browsing this forum
Guest (8)

DMT-Nexus theme created by The Traveler
This page was generated in 0.051 seconds.