
I'm in the security industry and bought a ThinkPad (X1 Carbon) 6 months ago. It has the form factor and specs that I want.

What is the threat model? They will not be using the rootkit for hiding userland malware. Are they extracting my documents and misusing them? Are they performing MITM on my connections and doing something harmful? While the capability is there, I don't see the software being used in a way that will inconvenience me.

It is a weak point in the system, maybe someone else exploits it, but I have so much software that I can say that about. When looking at threats the question for me is what is most likely to get me owned. It will probably be phishing or a malicious document. That's not going to change based on the manufacturer I buy from.

If I do get owned by some targeted malware that uses a Lenovo driver for priv esc, well they were probably going to get me with or without that. As good as it would feel to boycott a company with poor security practices, I'm over running unrefined System76 laptops.




Did you miss superfish?

https://www.cnet.com/news/superfish-torments-lenovo-owners-w...

It did MITM to inject ads, including adding their cert to the trust store to MITM SSL connections.

Of course the software needed the private key to work, which they shipped to every laptop and was quickly put online.

All of a sudden banking at coffee shops on a lot of Lenovo models was no longer private.

I'm not sure if captured traffic could be retroactively decrypted, but I wouldn't doubt it. PFS support probably wasn't high on Superfish's priorities.


Superfish was never on Thinkpads, only Lenovo's consumer laptops. The Thinkpad division and the consumer laptop division seem to operate somewhat separately.

Not to excuse Lenovo - they fucked up big.


Superfish was never found, but there has definitely been malware installed on the ThinkPad line:

https://thehackernews.com/2015/09/lenovo-laptop-virus.html?m...

The firmware rootkit, to my knowledge, has never been found on ThinkPads.


please folks, don't do your banking on open coffee shop wifi


I do this all the time. My machine has a modern browser, up to date OCSP, HSTS already cached, all that. Could you please explain to me the danger or threats you are warning against?


What does "up to date OCSP" even mean?

Have you configured your browser(s) to "fail closed" when it comes to OCSP queries? CRL and OCSP behavior has been, well, "not ideal" since basically forever.


Honest question - why not? My bank uses this cool thing called TLS. What’s the threat model here?


yes legitimate traffic is going to be fully encrypted thanks to TLS, the risk comes from attacks where you believe you're logging into your banking site securely when you're actually not. for example dns cache poisoning, ssl downgrade attacks, etc.

in the case of a starbucks, the AP itself is not necessarily secure (under a counter somewhere?) so it's possible users are connecting to a malicious AP.

the threat model depends on the level of risk: the convenience may outweigh those risks, it may not. for myself it is one of a few tasks i wouldn't engage in on a network i don't have more trust in, but in retrospect this advice was indeed probably too strong for most.


Again - who cares about dns cache poisoning when your cert chain is sound and your browser is sensible about cert downgrades (which all of them are now)? Who cares about how secure the AP is? It’s an encrypted, securely authenticated connection. That’s the whole point of the cert chain. The AP can be as malicious and evil as it wants - good luck usefully tampering with or impersonating my bank’s public key.

Again, what’s the threat model here? Exploiting a browser vulnerability? Maybe?


“Are they extracting my documents and misusing them? Are they performing MITM on my connections and doing something harmful? While the capability is there, I don't see the software being used in a way that will inconvenience me.”

Please explain this further.

Not snark, genuinely curious.


There are capabilities that can be misused, but I generally trust the companies with those capabilities to not misuse them.

Maybe Lenovo will include a sketchy driver, but I trust Lenovo to not use that driver to drop ransomware on my machine. In the same sense I trust Google with my location and emails. You may trust an AV company that can upload any file on your machine to not grab your tax returns and open a new credit card in your name.

Even if Lenovo starts intercepting my private web traffic or placing files on my machine there is only so much damage they can do. They are not about to frame me by dropping plans to overthrow the government in my downloads folder then blackmailing me to design more secure drivers for no pay.

There are threats I'm afraid of and a computer manufacturer, no matter how negligent, is not one of them. Is OP avoiding Intel too? Meh.



