Just say no to Accelerator support applications; yet another Lenovo vulnerability
Subject: General Tech | June 3, 2016 - 04:10 PM | Jeremy Hellstrom
Tagged: Lenovo, security, idiots, superfish
At some point they may learn but obviously not yet as Lenovo's Accelerator support application opens two vulnerabilities for systems with the application installed. As it uses unencrypted transmissions during the update process and does not verify the application you receive you are vulnerable to man in the middle attacks. There are 6 notebooks and 25 desktop lines with this issue, although ThinkPads and ThinkStations are not on the list. If you have the software you should remove it immediately. More over at The Register.
"Duo Security researcher Mikhail Davidov reported the holes that would allow eavesdropping attackers to tap into Accelerator's unencrypted update channels to compromise users."
Here is some more Tech News from around the web:
- Computex 2016 Live Coverage Day 3 @ Tech ARP
- There's a Stuxnet Copycat, and We Have No Idea Where It Came From @ Slashdot
- Cisco warns IPv6 ping-of-death vuln is everyone's problem @ The Register
- Microsoft releases HoloLens AR versions of Outlook and Calendar apps @ The Inquirer
- Unicode 9 update brings home the bacon with 72 new emojis @ The Inquirer