

Asus k50c Battery

Chinese PC peddler Lenovo bundled the software nasty to make a fast buck from its cheap, low-margin hardware: the application hijacks web browsers to inject ads into pages, even HTTPS encrypted websites, using an egregious root CA certificate.

"Lenovo consumer personal computers employing the pre-installed Superfish Visual Discovery software contain a critical vulnerability through a compromised root CA certificate," US-CERT said on Friday, urging people to remove the adware.

"Exploitation of this vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS), successfully impersonate (spoof) any website, or perform other attacks on the affected system."

In a detailed rundown – including instructions on how to remove the badware – the Homeland Security team said select Lenovo Windows laptops built since September 2014* harbor Superfish VisualDiscovery. Lenovo stopped bundling the software in January 2015.

The malware installs its own root CA certificate so it can silently intercept and decrypt HTTPS connections, allowing it to tamper with pages – namely, injecting ads for stuff to buy online.

For example, if you visit on an affected laptop, your web browser is hijacked to connect through Superfish's software, but the user is none the wiser. The Superfish root CA certificate convinces the browser that everything is OK.

The private key for this certificate is hardcoded into VisualDiscovery's executable, and easily extractable. This means anyone can use it to create spoof websites that will be trusted by vulnerable laptops, allowing miscreants to pull off man-in-the-middle attacks and steal login passwords.

In other words, your connection to, say, on a Lenovo laptop may look legit with a little padlock in the top corner of the window, but in reality the website could be malicious and masquerading as the real site so it can learn your login details.

The CERT advisory says Superfish uses Komodia's Redirector with SSL Digestor to intercept web connections. It points out that the same code is also used in free parental control software dubbed KeepMyFamilySecure (the irony), and it is not exclusive to Lenovo products. Other apps and products are bundling the adware.

Superfish, founded in 2006, is a small company based in Palo Alto, California, and has reportedly received about $20m in funding since 2009. Journalist Thomas Fox-Brewster has more on the background of Superfish and Komodia, here.

Microsoft agrees that this whole mess is bad news for users. On Friday the Redmond giant told El Reg its antivirus software Windows Defender now detects and removes the Superfish software from Lenovo devices.

And sources familiar with the matter told us Microsoft's tool not only removes the Superfish software, but also the rather cheeky root certificate. Superfish insists computer users have nothing to worry about, and contradicts the US government's assertion that this is a major problem.

"Despite the false and misleading statements made by some media commentators and bloggers, the Superfish code does not present a security risk," its CEO Adi Pinhas told El Reg in a statement, adding that the company doesn't store or share personal data.

"Unfortunately, in this situation a vulnerability was introduced unintentionally by a third party. Both Lenovo and Superfish did extensive testing of the solution but this issue wasn't identified before some laptops shipped," he explained.

"Fortunately, our partnership with Lenovo was limited in scale. We were able to address the issue quickly. We learned about the potential threat yesterday and since then we have been working with Lenovo and Microsoft to create an industry patch to resolve the threat."

There's no word from Lenovo on the US government's Superfish alert. On Thursday the PC maker's CTO Peter Hortensius said his firm isn't trying to get into an argument with the security guys, and insisted the code was safe to use.

Updated at 1407 Pacific Time (2207 UTC)

It's claimed the Komodia proxy server used by the Superfish adware is worse than previously thought: any man-in-the-middle attacker can create a spoof HTTPS website that is trusted by laptops with the Superfish root CA certificate installed, without having to use the extracted private key. Self-signed SSL certificates are converted into valid ones, we're told.

"All the users out there with Komodia-powered Parental Control software or adware [can] have their banking connections easily intercepted. Well, good job," says CloudFlare security bod Filippo Valsorda.

* US-CERT initially said Lenovo was bundling Superfish's software since 2010, although it has since corrected that to September 2014 after Lenovo complained. In a statement to El Reg, the computer giant said:

+Comment Chinese PC maker Lenovo has published instructions on how to scrape off the Superfish adware it installed on its laptops – but still bizarrely insists it has done nothing wrong.

That's despite rating the severity of the deliberate infection as high on its own website. Well played, Lenonope.

Superfish was bundled on new Lenovo Windows laptops with a root CA certificate so it could intercept even HTTPS-protected websites visited by the user and inject ads into the pages. Removing the Superfish badware will leave behind the root certificate – allowing miscreants to lure Lenovo owners to websites masquerading as online banks, webmail and other legit sites, and steal passwords in man-in-the-middle attacks.

"Superfish was previously included on some consumer notebook products shipped in a short window between September and December to help customers potentially discover interesting products while shopping," Lenovo said in a statement on Thursday.

"We know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software. We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first."

Step-by-step instructions on how to remove the Superfish application, and the certificate it uses to impersonate trusted sites, have been published by Lenovo. Firefox users may have to take extra steps.

If you use any of the following products, or someone you know does, you should check it for Superfish's crapware:

Security experts are warning that the Superfish code is so badly designed that it is easy to extract the private key to its root CA certificate. This private key can be used to generate SSL certificates that a nefarious website can use to masquerade as a legit site.

For example, if you're a bad person working in a cafe with control over its public Wi-Fi, and you see an affected Lenovo user join your network, you can attempt to redirect their connection to an online bank to your own password-stealing server. Your server can use a rogue SSL certificate generated from Superfish's leaked private key to masquerade as the bank's dotcom. The Superfish root CA certificate on the laptop tells the browser to trust the dodgy connection – and the user will be none the wiser (unless they inspect the SSL session, which no one does).

In the past 24 hours websites such as and have been created to identify PCs with the rogue root CA installed, using SSL certificates signed by the leaked private key. If you're on a Lenovo machine and you don't see any errors about the HTTPS connection to these websites in your web browsers, you've got the bad certificate installed.

The software was preinstalled on a range of Lenovo's consumer laptops, a move Peter Hortensius, the firm's chief technology officer, admitted was a mistake. But he said that there were no security risks with using software which borks HTTPS.

“We’re not trying to get into an argument with the security guys,” he told the Wall Street Journal. “They’re dealing with theoretical concerns. We have no insight that anything nefarious has occurred. But we agree that this was not something we want to have on the system, and we realized we needed to do more.”

Normally Lenovo performs due diligence on all software it preinstalls but in this case the vetting procedure was not carried out well enough, he opined. The inclusion of such software is apparently covered in the tedious end user license agreement that no one reads.

In an extended statement Lenovo said Superfish wasn't a major contributor to the manufacturer's bottom line, and said the software did not build personal profiles of users – just advertising tailored to whatever the victim was browsing.

"Superfish has not been active on Lenovo laptops since December," Superfish's CEO Adi Pinhas told El Reg in a statement.

"It is important to note: Superfish is completely transparent in what our software does and at no time were consumers vulnerable - we stand by this today. Lenovo will be releasing a statement later today with all of the specifics that clarify that there has been no wrongdoing on our end."

That remains to be seen. Lenovo has a very close relationship with Microsoft as a top-flight box maker, and Redmond told El Reg today that it is probing the situation to see if the inclusion of the software breaks any of its licensing rules.

Acer Aspire 5737 Battery

They are also more self-supporting on smart devices. And because businesses need to configure and support laptops and full enterprise applications, people on all sides are generally content with a Mac or Windows machine running standard operating environments and ordered conventionally.

It is CYOD with smart devices that is attracting marked uptake. An independent study of IT decision makers commissioned by Azzurri Communications revealed that CYOD has grown at twice the rate of BYOD (12 per cent versus six per cent), with 31 per cent of organisations now running company-wide CYOD (against 17 per cent BYOD).

Organisations overwhelmingly cited CYOD as more suitable, with 60 per cent opting for it as most appropriate for their business and just 13 per cent favouring BYOD.

Accountable public-sector budgets are a hot market for BYOD. Azzurri helped implement a BYOD/CYOD project last year at University College London Hospitals (UCLH).

The hospital trust expanded an employee-owned smart-device programme following initial success with patient surveys conducted using tablets, which boosted response rates from ten to 80 per cent. It developed apps for a choice of hospital-owned devices.

When device costs became prohibitive UCLH added BYOD – a pioneering move in public healthcare – with a successful trial of 150 devices belonging to healthcare managers.

“We’ve seen an increase in employees forgoing the use of provided mobile devices and instead using their own devices at their own cost,” says Mark Taglietti, head of IT service delivery at UCLH.

“Access to Trust services on the move not only improves productivity but also provides a cost saving to the organisation – a win-win for all.”

Another study, this time from Acronis and the Ponemon Institute, revealed that 60 per cent of companies admitted to having no formal own-device policy at all.

Acronis points to its customers. Parrish Construction Group gives employees mobile devices loaded with Acronis Access, and each claims to save an hour a day by accessing previously office-bound data by tablet or phone from remote work sites. All the blueprints and budgets they need are accessible seamlessly on tablets.

HP believes there is opportunity here to drive new ways of working and back the IT department by fully supporting enterprise mobility.

“Planning for the short term and simply allowing employees to use their own tablets is a very small part of this,” says a spokesman.

“The focus needs to be far longer term than that, building an agile infrastructure that will evolve and adapt to changing technologies and demands. Future-proofing is critical. Cloud and mobility will increase, and businesses must invest to move along with it.”

The larger the company, the more formal these plans are likely to be, and the more they will include menus of approved devices that employees can choose from. Smaller companies tend to be less rigid, with formal CYOD policies less likely to be followed if they exist at all.

“It’s not just about giving employees devices, it’s about developing simple applications that provide secure access to corporate files. The tide is continuing to turn and people now see past earlier security issues,” says Lofgren.

Microsoft believes the key to simplifying device choice for employees is to understand what the people using them need to achieve and what their challenges are.

“We’ve managed to help businesses move to Lumia within days of their decision. LumiaBizTrial allows businesses to assess our solution, and we will help customers migrate as quickly as they wish,” says Adrian Williams, director of B2B sales for Microsoft UK and Ireland.

As businesses move apps to the cloud, they will be Java/HTML-based and browser accessed. This makes cross-platform compatibility easier and more secure because there is less information on end-user devices.

It also makes mobile device management and freedom of choice for end-users a lot less scary for company boards and IT teams.

Cornum believes that cloud-friendly applications are changing the whole scenario before it has even taken hold, making the devices that we choose or bring just a matter of personal preference. In practice most of us will actually just need a browser.

“We’re seeing a 2.0 of CYOD coming to pass right in the middle of people trying to figure out the 1.0,” he says.

It is almost irrelevant who owns what device if companies put the right policies in place. Ultimately CYOD is more acceptable to more people: the board loves compliance and predictability, IT gains control and manageability and end-users get a cool device paid for by their company that makes them more productive.

And if most employees had actually read those first-generation BYOD policies they happily signed, they probably wouldn’t bring their own devices into work anyway for fear of events conspiring to wipe and reset a device that thought it was safe.

Printing dark red characters on a black keyboard isn’t the smartest idea anyone’s ever had, and I found that I needed to keep the backlight turned on most of the time just to type quickly and locate function keys. However, I can forgive that minor lunacy as the Beats SE costs just £479 and is probably the cheapest full-HD laptop currently available.

You’re not going to get an eye-popping IPS display for that price, and the colours on the 15.6-inch screen do look a bit dull at times. The vertical viewing angle is limited too, which means that you might need to give the screen a little nudge every now and then. Fortunately, the horizontal viewing angle is a lot better, so you can sit back and browse the web or watch some streaming video in comfort. The Beats speakers are nothing special either, although they’re loud enough to let you listen to a few tunes without needing headphones or external speakers.

Performance is pretty modest, with the 1.7GHz AMD A8 processor only managing entry-level scores of 1681 and 1971 points when running the PCMark 8 Home and Work suites. However, it does include 8GB of memory and a 1TB hard drive, so you can pile on plenty of music and videos to keep you entertained and there's a DVD drive too.

Battery life only just nudges past the three-hour mark. But, to be fair, the Beats SE’s performance and battery life are still comparable to many other budget laptops that don’t have the benefit of a full-HD screen. It’s certainly no graphics workstation, but if you just want an affordable full-HD screen for watching video or browsing your photo library then the Beats SE is probably the best you’ll get for less than £500.

Lenovo’s biggest boast about the Yoga 3 Pro is that it’s the world’s slimmest and lightest 13-inch laptop. And, with a weight of just 1.2kg and a super-slimline profile of 12.8mm, it really can teach rivals such as the MacBook Air a few lessons in portability.

It also outguns the MacBook Air with its quad-HD display and 3200x1800 resolution. The image quality is excellent, and the viewing angles mean that you can see it clearly even when you use the super-bendy hinge to fold the screen into upright ‘tent’ mode, or switch into tablet mode when you want to put your feet up.

The Yoga 3 Pro is also one of the first laptops we’ve seen with Intel’s new Broadwell M-5Y70 processor, running at 1.1GHz, along with 8GB of memory and 256GB solid-state drive. That comes to £1,299.00 – or £1,499.00 with 512GB SSD – which isn’t bad by the standards of its High-DPI rivals.

But while the Broadwell’s 14nm design helps to really streamline the Yoga 3 Pro, it doesn’t do an awful lot for performance. It could only manage entry-level scores of 1844 and 2192 in the Home and Work suites of PCMark 8. On the other hand, it did manage to last for five hours and 20 minutes when running PCMark 8, which isn’t at all bad for a High-DPI display such as this. It’s just a shame that the Yoga 3 Pro can’t also offer the pro performance you might expect at this price.

Salt Lake City politicos voted to let Uber operate but only if it followed the same rules as other transport firms, including getting background checks and vehicle inspections, but Portland, San Francisco and LA took Uber to court, a court in Berlin upheld a ban on Uber, a US Senator wrote to Uber’s CEO demanding answers about a “troubling disregard for customers’ privacy” and their data protection - the Senator wrote to Lyft, too - and in Singapore the city transport authority planned its own taxi-finding app.