Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Lizard Squad Claims Attack On Lenovo Days After Superfish 36

Amanda Parker writes with news that hacker group Lizard Squad has claimed responsibility for a defacement of Lenovo's website. This follows last week's revelations that Lenovo installed Superfish adware on consumer laptops, which included a self-signed certificate authority that could have allowed man-in-the-middle attacks. The hackers seemingly replaced the manufacturer's website with images of an unidentified youth, displayed with a song from the Disney film High School Musical playing in the background. Taking to a new Twitter account that has only been active a matter of days, the Lizards also posted emails alleged to be from Lenovo, leading some to speculate that the mail system had been compromised. While some have seen the attack as retaliation for the Superfish bug, it is also possible that Lizard Squad are jumping on the event merely to promote their own hacking services.
This discussion has been archived. No new comments can be posted.

Lizard Squad Claims Attack On Lenovo Days After Superfish

Comments Filter:
  • juvenile vandalism (Score:5, Insightful)

    by iggymanz ( 596061 ) on Thursday February 26, 2015 @11:24AM (#49137727)

    this is no more noteworthy or significant than vandalizing a billboard

    • by Viol8 ( 599362 ) on Thursday February 26, 2015 @11:35AM (#49137837) Homepage

      Quite. Its just the middle class wannabe version of a graffiti tag, with about the same amount of talent required and having the same level of intellectual gravitas.

      • I'm just wondering when they are going to create a terrorist classification for a type of data packet. Pretty sure it will be an open ended description.

    • While normally correct, this attack is more noteworthy when combined with the news of Superfish. This was a DNS hijack, which means the attackers would have been able to point *.lenovo.com at the server of their choosing. While I don't believe Superfish was actually running its requests through a subdomain of lenovo.com, this particular type of simple "vandalism" could have just as easily been used to take advantage of Superfish's automatic MITM and intercepted all manner of sensitive data.
  • by gnasher719 ( 869701 ) on Thursday February 26, 2015 @11:29AM (#49137775)
    As far as I understand it, this didn't just allow hackers to create a man-in-the-middle attack. Your Lenovo computer with the hardware would actively perform a man-in-the-middle attack against the user to analyse any encrypted traffic to https websites. For example when you enter a credit card number on the website of a reputable company using https, the adware could read what you posted.

    This is plainly unforgivable.
  • by Bugler412 ( 2610815 ) on Thursday February 26, 2015 @11:44AM (#49137919)
    Since when is a willfully installed piece of adware/spyware a "bug"? Using that term is someone's attempt to pass this off as a coding error when it was actually willfully installed by the OEM in their OS image.
  • Every machine that I buy, I always start off by wiping the OS and doing a fresh install. Is that not common practice? I've never met anyone with a lenovo for their at home use, always dell's or hp's. And anyone that I've met that did have a lenovo used it just for business. Don't business's hire competent IT guys? Anyone who knows anything knows that the easiest way to get rid of the garbage is just to reload the OS.
    • This does not prevent firmware attacks such as in BIOS or the firmware on your HDD, or DVD or even battery firmware on laptops.
    • by wed128 ( 722152 ) on Thursday February 26, 2015 @12:18PM (#49138265)

      Don't business's hire competent IT guys?

      In my experience? Yes they do. they also hire a bunch of incompetent ones. its a crap shoot.

    • I've never met anyone with a lenovo for their at home use, always dell's or hp's.

      Well, some people really love to embrace mediocrity.

      And anyone that I've met that did have a lenovo used it just for business.

      The business Lenovo systems - ThinkPad laptops and ThinkStation workstations - were not part of this as Lenovo never installed superfish on any of them. This only applied to their mediocre consumer-level units that were sold as Lenovos with other model names.

      Just another reason why I only buy ThinkPads for my own use. Home, work, etc; I won't buy anything else. Lenovo knows better than to risk that golden goose.

  • I was trying to load a lenovo forum on the superfish situation yesterday and was puzzled why it was just showing me G-rated pictures of teenagers staring at cameras. I figured something had gone amiss with the code running the forum, or something was weird with my browser that moment. I then found the information I wanted elsewhere.

    In other words, this wasn't a very impressive hack.
  • by slashmydots ( 2189826 ) on Thursday February 26, 2015 @12:32PM (#49138423)
    Oh crap, hactivism doesn't cover it anymore because they're also advertising their services. Time to cram more words in. They're Hactivismvertising.
    • They're Hactivismvertising.

      Good point. I think you're well on your way to coining a new word.

      I'm not sure what their message is other than advertising. But assuming they're projecting their point of view, are they saying?:

      1) Doing things on other peoples' systems that they didn't authorize and wouldn't authorize is bad.
      2) Doing things on other peoples' systems that they didn't authorize and wouldn't authorize is good.
      or maybe even:
      3) Doing things on other peoples' systems that they didn't authorize and wouldn't authorize is bad unl

  • every act of destruction in any form is not really good, all there must be consequences, if they want to be responsible it better. Toko pasutri [tokopasutri1.com]

How many NASA managers does it take to screw in a lightbulb? "That's a known problem... don't worry about it."

Working...