Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That was a pretty quick dismissal of Lenovo, and a warped portrayal at that. As far as we can tell, Superfish was not intentionally installed by Lenovo, and any money it made didn’t go to them since it wasn’t their software. There’s nothing here to suggest that this is a sign of anything untrustworthy happening at Lenovo, any more than there is at any other major laptop seller. It seems like this was just a case of their software QA being not quite on par with their hardware QA. Also, all websites suck. Just sayin’.

tl;dr: “Picky, picky! wags finger



If Lenovo has unintentional binaries slipping in the production image, the problems are way more serious than sloppy QA.

How can I trust their peripheral chips and firmware? Or BIOS and SMM for that matter?

Maybe some nasty things unintentionally slipped in their SMM code as well?

https://en.wikipedia.org/wiki/System_Management_Mode

There's no way I could verify all the firmware code contained in the laptop. Heck, not even one chip.

Lenovo has had things not intended happening with their BIOS [1] as well. It's fixed now, but what else there might be lurking under covers?

[1]: http://arstechnica.com/information-technology/2015/08/lenovo...


wait I wasn't paying much attention because I don't have a thinkpad but how would they have accidentally installed superfish?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: