Lenovo To Stop Installing Unprotected Software

China’s Lenovo Group Ltd said on Thursday that it would no longer pre-install software that cybersecurity experts perceived to be malicious and vulnerable to hacking.

Lenovo, the world’s largest PC maker, had come under fire from security researchers who said that the company pre-installed software from a company called Superfish on consumer laptops that hijacked web connections and allowed them to be spied upon.

Users reported as early as last June that a program, also called Superfish, was ‘adware’, or software that automatically displays adverts.

Superfish would no longer be pre-installed and has been disabled on all of Lenovo’s products in the market since January, when the PC maker also stopped pre-installing the software, said a Lenovo spokesman.

Superfish was included on some consumer notebooks shipped between September and December, he said.

Robert Graham, CEO of U.S.-based security research firm Errata Security, said Superfish was malicious software that hijacks and throws open encrypted connections, paving the way for hackers to control these connections and eavesdrop, in what is known as a man-in-the-middle attack.

“This hurts (Lenovo’s) reputation,” Graham said. “It demonstrates the deep flaw that the company neither knows nor cares what it bundles on their laptops.”

Graham and other experts said Lenovo was negligent, and computers could still be vulnerable even after uninstalling Superfish.

Superfish throws open encrypted connections by giving itself the authority to take over connections and declare them as trusted when they are not.

“The way the Superfish functionality appears to work means that they must be intercepting traffic in order to insert the ads,” said Eric Rand, a researcher at Brown Hat Security. “This amounts to a wiretap.”

Concerns about cyber security have dogged Chinese firms, including telecoms equipment maker Huawei Technologies Ltd, over ties to China’s government, and smartphone maker Xiaomi Inc, over data privacy.

Obama To Sign Executive Order On Cyber Security

U.S. President Barack Obama is expected to sign an executive order on Friday aimed at encouraging companies to share information about cyber security threats with the government and each other, a response to attacks like the one on Sony.

Obama will sign the order at a day-long conference on cybersecurity at Stanford University in the heart of Silicon Valley.

The order, to be signed at the summit, sets the stage for new private-sector-led “Information Sharing and Analysis Organizations” (ISAOs) – hubs where companies share cyber threat data with each other and with the Department of Homeland Security.

Mr Obama, who will join top US security officials at the summit, is planning to call on private tech firms to share more information with law enforcement, potentially placing him at odds with the companies.

A senior member of Britain’s National Crime Agency is also due to appear, along with executives from Microsoft, Facebook and Google.

Mr Obama “wants to build support for efforts to better protect against cyber-threats and share more information about cyber-attacks”, the White House said.

Michael Daniel, Obama’s cyber coordinator, in a conference call with reporters said: “We believe that by clearly defining what makes for a good ISAO, that will make tying liability protection to sectoral organisations easier and more accessible to the public and to privacy and civil liberties advocates”.

Cybersecurity industry veterans said that Obama’s anticipated order would be a modest step in one of the president’s major priorities, the defense of companies from cyber attacks.

Obama has proposed legislation to require more information-sharing and limit any legal liability for companies that share too much. Only Congress can provide the liability protection through legislation.

At the last summit, Obama said cybersecurity was a “challenge that we can only meet together”, adding that “it’s going to bring everybody together – industry, tech companies, law enforcement, consumer and privacy advocates, law professors who are specialists in the field, as well as students – to make sure that we work through these issues in a public, transparent fashion.”

Other dignitaries are Microsoft vice-president Scott Charney and chief executives from Visa, MasterCard and American Express.