Entries tagged as
Meanwhile you should have heard about the Lenovo hardware that had Superfish installed, an adware injecting software that uses an SSL hijacker SDK made by Komodia. If not then duck it.
I'd classify that as a Maximum Credible Accident (MCA) which was only possible due to greed, stupidity and idiocy.
- Greed – Lenovo was greedy enough to deploy Superfish on its hardware, probably just for a few bugs revenue more per machine.
- Stupidity – Superfish was stupid enough to use the Komodia SSL hijacker, just to be able to inject ads into https connections. Hopefully without knowing what they were doing, else it would had been double stupid stupidity. However, and of course they are greedy as well, because all ad sellers are.
- Idiocy – Komodia was idiots enough to implement an SSL hijacker SDK and embed a root CA certificate in the software using it and super idiocy chose "komodia" as all private keys' password, making the certificate available to anyone and grandpa.
Now, as if that wasn't enough, according to Forbes the
loser behind Komodia
was once a programmer in Israel’s IDF’s Intelligence Core. Really? I'm not impressed.
Or wait, here's room for conspiracy theories! Let Superfish be a venture capital startup, financed by Israelis, which maybe is not that far fetched. What if the whole concept just serves the idea to spread an SSL hijacker to be able to intercept HTTPS connections and inject man-in-the-middle attacks? Sounds like a good plan? Yeah, well done, goal achieved, it couldn't be better ;-)
Superfish may have appeared on these models:Hopefully this incident will teach Lenovo a lesson to not fiddle around with the customer too much..
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
E Series: E10-30
If you now build ICU and get hit by
make: Leaving directory `/builddir/build/BUILD/icu/source/test/cintltst' ------------- | ** FAILING TEST SUMMARY FOR: intltest TestTwoDigitYear DateFormatTest format | ** END FAILING TEST SUMMARY FOR: intltest --------------- ALL TESTS SUMMARY: ok: testdata iotest cintltst ===== ERRS: intltest make: *** [check-recursive] Error 1 make: Leaving directory `/builddir/build/BUILD/icu/source/test'
you just did a jump to the left.
Then do a step to the right
--- icu.orig/source/test/intltest/dtfmttst.cpp 2013-10-04 22:48:00.000000000 +0200 +++ icu/source/test/intltest/dtfmttst.cpp 2014-06-13 19:34:40.611299572 +0200 @@ -1129,7 +1129,7 @@ return; } parse2DigitYear(fmt, "5/6/17", date(117, UCAL_JUNE, 5)); - parse2DigitYear(fmt, "4/6/34", date(34, UCAL_JUNE, 4)); + parse2DigitYear(fmt, "4/6/34", date(134, UCAL_JUNE, 4)); } // -------------------------------------
With your hands on your hips
You bring your knees in tight
But it's the pelvic thrust that really drives you insane
Let's do the time warp again
Let's do the time warp again
Time Warp - Rocky Horror Picture Show