• 0 Posts
  • 2 Comments
Joined 6 months ago
Cake day: September 29th, 2025

  • I’ve been twitchy about Lenovo since they got caught selling computers with a rootkit that reinstalled crap-ware that users had uninstalled. A user would uninstall useless software from their computer, and when they rebooted, the rootkit would kick in and reinstall the bloatware.

    The “rootkit”-style covert installer, dubbed the Lenovo Service Engine (LSE), works by installing an additional program that updates drivers, firmware, and other pre-installed apps. The engine also “sends non-personally identifiable system data to Lenovo servers,” according to the company. The engine, which resides in the computer’s BIOS, replaces a core Windows system file with its own, allowing files to be downloaded once the device is connected to the internet.

    But that service engine also put users at risk.

    In a July 31 security bulletin, the company warned the engine could be exploited by hackers to install malware. The company issued a security update that removed the engine’s functionality, but users must install the patch manually.

    They had previously been caught selling computers with adware installed on them.

    Earlier this year, the computer maker was forced to admit it had installed Superfish adware over a three-month period on new machines sold through retail channels. The adware had the capability to intercept and hijack internet traffic flowing over secure connections, including online stores, banks, among others.

    Users were told they should “not use their laptop for any kind of secure transactions until they are able to confirm [the adware] has been removed,” security researcher Marc Rogers told ZDNet at the time.

    It was thought as many as 16 million consumers and bring-your-own-device users were affected by the preinstalled adware.


  • Yep. This has only been an issue for nearly a decade.

    The Strava Heat Map and the End of Secrets

    The revelations began unspooling at a rapid pace after Nathan Ruser, a student studying international security at the Australian National University, began posting his findings via Twitter on Saturday afternoon. In a series of images, Ruser pointed out Strava user activities potentially related to US military forward operating bases in Afghanistan, Turkish military patrols in Syria, and a possible guard patrol in the Russian operating area of Syria.

    Other researchers soon followed up with a dizzying array of international examples, based on cross-referencing Strava user activity with Google Maps and prior news reporting: a French military base in Niger, an Italian military base in Djibouti, and even CIA “black” sites. Several experts observed that the Strava heatmap seemed best at revealing the presence of mostly Western military and civilian operations in developing countries.