New, from the company that brought you SuperFish ...
Subject: General Tech | January 26, 2016 - 12:13 PM | Jeremy Hellstrom
Tagged: security, Lenovo, idiots
Lenovo chose the third most popular password of 2015 to secure its ShareIT for Windows application and for bonus points have made it hard coded, which there is utterly no excuse for in this day and age. If you aren't familiar with the software, it is another Dropbox type app which allows you to share files and folders, apparently with anyone now that this password ridiculousness has been exposed. As you read on at The Inquirer the story gets even better, files are transferred in the clear without any encryption and it even creates an open WiFi hotspot for you, to make sharing your files even easier for all and sundry. There are more than enough unintentional vulnerabilities in software and hardware, we really don't need companies programming them in on purpose. If you have ShareIT, you should probably DumpIT.
We received word that there is an updated version of ShareIT available for those who do use the app and would like to continue to do so.
They can also access the latest versions which are posted and available for download on the Lenovo site. The updated Android version of SHAREit is also available for download on the Google Play store. Please visit the Lenovo security advisory page for the latest information and updates: (https://support.lenovo.com/us/en/product_security/len_4058)
"HOLY COW! Lenovo may have lost its mind. The firm has created vulnerabilities in ShareIT that could be exploited by anyone who can guess that '12345678' could be a password."
Here is some more Tech News from around the web:
- Simple solution foils lithium-battery freeze @ Nanotechweb
- Terrible infections, bad practices, unclean kit – welcome to hospital IT @ The Register
- Microsoft struggles against self-inflicted Office 365 IMAP outage @ The Register
- AI pioneer Marvin Minsky passes away aged 88 @ The Inquirer
- Surface Pro 3 users are getting all kinds of borkage after bad driver drop @ The Inquirer
- Exposed HP LaserJet Printers Offer Anonymous FTP To the Public @ Slashdot