Lenovo laptops’ security compromised by Superfish

Computer security

If you have a Lenovo laptop then you might want to think twice before using on a Wi-Fi hotspot. The technology manufacturer has been increasingly criticised in recent weeks after it transpired that many of their laptops have been sold loaded with dangerous adware to unwitting customers.

Consumers who purchased Lenovo laptops since September will find that their machines came pre-installed with the programme Superfish, and this means that their security is seriously compromised.

Superfish is a type of adware that uses your data from searches on Google, Amazon, and other websites to add its own shopping results to your browser. However, as if this wasn’t irritating enough, there is a far more sinister problem associated with Superfish.

Superfish installs a single self-signed root certificate to your computer, which might not sound particularly worrying, however it is really dangerous. It creates a giant hole into browser security and enables anyone else on the same Wi-Fi network to silently hijack your browser and gain access to bank details, passwords, and all other kinds of sensitive information.

That means that if you’re using a Lenovo laptop on a Wi-Fi network in a public area, such as a coffee shop or local McDonalds, then there is a chance that someone could be accessing all your personal details with consummate ease.

Equally as worrying is the distinct apathy with which Lenovo seems to have responded to the issue. The company claims that it is has no insight that their machines have led to any nefarious activity, and that Superfish has now been disabled. Simply uninstalling Superfish however does not remove the problematic root certificate that leaves these laptops so open to infiltration.

It would seem that the only sure-fire way of removing the threat would be to wipe the entire machine and install a non-Lenovo version of windows, such as vanilla Windows. But with the hassle this brings, who wants to do that? Lenovo appear to have dropped a big one here.

If you require help with your computer security, speak to the team at JDM Computing today.


Bigger Isn’t Always Better: Local Manchester Computer Support

JDM Computing meets the IT needs of SMEs in Manchester, Stockport & Cheshire. As an SME ourselves, we understand that all companies have a unique set of requirements when it comes to your IT. You might require a comprehensive system with full support, or you may require just advice on the monitors, network connections, or cloud services.

Whatever you require, you can rest assured that the JDM Computing team is always close at hand. Our offices are in Stockport and Old Trafford so we’re in close proximity for our clients located in the Greater Manchester and Cheshire areas. Whenever you need us, we’ll be just a short journey away and are even able to fix many issues remotely.

Bigger companies may seem more appealing, however its the personal service and close working relationship we offer our clients that sets us apart from the rest.

Your successful business

At JDM the focus is on you. Your success depends on the reliability and cost effectiveness of your IT services, and this is what we offer.

Our technicians have 15 years’ experience in working with businesses in the Greater Manchester and Cheshire areas. We combine time-earned wisdom with cutting edge technology to keep your business competitive in your ever-evolving marketplace.

Our cloud services enable you to access the enhanced feature-set you need to improve customer service levels and staff productivity, but at an affordable price tag.

See how we can help you today by contacting the team. We look forward to hearing from you.

Security, Privacy Are Key Concerns Of Businesses When Considering Cloud Computing

Cloud computing

Seventy-one per cent of UK businesses are spending 10 per cent or less of their IT budget on cloud services, a new study by KPMG has found.

The 8th Annual “Service Provider and Performance Satisfaction” survey took into account 2,100 contracts that cover £7.8 billion worth of deals. It found the top three reasons UK businesses are shying away from adoption of the cloud are as follows:

  • 26 per cent cited concerns around data location, privacy risks and security of the cloud
  • 16 per cent said they were worried about regulation and compliance
  • 15 per cent were cynical about the ease of integration between cloud and legacy IT systems

The study also found an increase in the level of outsourcing IT services in a bid to improve service delivery, spending savings from HR, sales and financial support to fund this area.

The future of IT outsourcing

43 per cent of those surveyed said they plan to increase spending on outsourcing IT in the next two or three years – however, this is a considerable decrease compared to the previous year’s statistics. In the 7th Annual Report, 77 per cent of respondents said the same.

Why could the cloud boost your business?

Despite the fact that cloud adoption remains slow in many areas, there are tangible benefits to utilising this solution in a business environment.

Cloud computing eliminates the need to purchase expensive hardware and infrastructure for your business, saving you precious funds, in addition to space in your office or server room. The need to buy licenses is reduced as web-based software offers them on an as-you-use basis, allowing you to save on outgoings in this area too.

Beyond the cost, cloud computing boasts advantages in terms of access to information. As long as you have a device with an internet connection, you have the information you require at your fingertips. This improves productivity in terms of mobile working and can have significant benefits for customer service too, as the whole process becomes far more streamlined. Employees on the road have access to the same information as is available on their desktop PC.

File sharing and collaboration is improved, offering teams the ability to work on single documents, rather than tracking changes across multiple drafts, emailed back and forth.

Quite simply, the cloud makes your business more productive, more streamlined and more competitive, saving IT costs and boosting your bottom line.

Find out more about cloud computing with JDM.

UK and US Accused Of “Great Sim Heist”

Great sim heist

According to a US news website, UK and American intelligence agencies have hacked into a sim manufacturing business illegally to eavesdrop on mobile phone conversations. The news website, called Intercept, said intelligence agencies looked to steal codes from sim card manufacturer Gemalto.

Experts claim the alleged hack compromises the security of mobile phones on a global basis. By stealing the encryption, the security agencies were able to intercept and decode data passing between mobile phones and transmission towers.

According to the BBC, this would enable the agencies to eavesdrop on voice traffic and texts without having to gain permission from telecommunications providers. And it would not leave any trace of their presence.

About the sim hack

Gemalto is a major player in its field, operating more than 40 factories, with a presence across 85 countries. It’s clients include 450 wireless network providers.

It has been reported that the hack, which took place around five years ago, enabled US and British surveillance agencies to monitor voice and data traffic from cellular comms around the world. Coined the “great sim heist”, the hack was reported to have been organised by British GCHQ and America’s NSA, though neither has confirmed these allegations.

Warning: Businesses Targeted By Fake Invoice Email Scam

Computer security

Businesses are being warned to be extra vigilant when receiving email invoices. A new phishing scam is doing the rounds, which targets businesses by using fake invoices and attachments.

How does the scam work?

The scam will appear as an email with an attachment. It may say you need to pay an invoice or sometimes that it has already been paid. Naturally, users click to download the attachment to open up the invoice and find out what they’re being charged for. This is when the email unleashes embedded code onto your computer, which can be used to launch malware and viruses, and steal personal data from your PC.

Due to the nature of the attack, the scam is able to bypass usual security software. However, cloud users can rest assured that they are safe from this form of attack because information is stored online, rather than on a local PC.

What to watch out for

The email may look like it comes from a legitimate company because it comes from an email address which appears to be associated with a large organisation. However, look twice before you open the file. Some of the main clues that this is a phishing attack rather than a real invoice include:

1. There may be spelling and grammatical errors
2. There may be no email signature
3. The email contains only a single line of text, and no personal greeting

However, these emails can be made to look very professional, so be wary of any invoice you are not expecting. Also, it is imperative that you make sure your employees – particularly those who deal with payments – are aware of the scam.

If you need further details about protecting your business from phishing attacks like these, please do contact JDM Computing. We are more than happy to help you ensure your business benefits from the highest level of security.