An Object Lesson in Response: Lenovo Breaks SSL Trust, Bungles Messaging

Mike Fratto

Summary Bullets:

  • Don’t break security protocols for the sake of a few shekels. The loss of trust from customers far outweighs the benefits.
  • Don’t try to downplay the severity of your mistake. Doing so will only hinder efforts to regain customer trust.

There seems to be a never-ending series of object lessons from overzealous IT vendors looking to increase their bottom line by exploiting the trust of their customers. This week, news broke, causing shock and outrage, that Lenovo had installed a broadly permissive CA certificate and secret key into the trusted certificate store of consumer laptops it sold, allowing it to vouch for anything. Lenovo also installed software on new consumer laptops that intercepted web connections, analyzed web images, and then inserted targeted advertising into web pages to help. The intended purpose of Superfish, as Mark Hopkins, program manager of Lenovo’s Social Media (Services), said in one of its forums, is to “[help] users find and discover products visually … [and] presents identical and similar product offers that may have lower prices.”

The Bamital Botnet Bust Takes an Interesting Turn

Amy Larsen DeCarlo

Summary Bullets:

  • Microsoft and Symantec disclosed that they have successfully (they believe) shut down the Bamital botnet, which was netting at least $1 million a year for the perpetrators.
  • The companies went beyond the usual legal and technical responses, employing the botnet’s own mechanisms to inform targeted users that their systems had been infected to carry out so-called ‘click fraud.’

Where there is a will, there always seems to be a way when it comes to hackers using new techniques and variations on old methods to breach systems for their own gain. This is what makes the IT security discipline as relentlessly frustrating as it is endlessly challenging. No matter how innovative IT security technologies become and practices evolve, determined cybercriminals seem to be finding new ways to penetrate even the best enterprise defenses.