undefined | Better HN

0 pointsdeogeo7y ago0 comments

Fair would be sending executives to jail for hacking. Releasing a non-backdoored BIOS was the absolute minimum.

Edit: As pointed out by josteink, the BIOS wasn't backdoored - it was used to install a backdoor. But calling what it installed "insecure Windows-software" is also inaccurate. According to https://en.wikipedia.org/wiki/Superfish#Lenovo_security_inci..., its purpose was man-in-the-middle attacks against the user. So I still think criminal liability and jail time would be just. Ordinary people have been sent to jail for far less.

0 comments

josteink7y ago

To be fair and technically correct, the BIOS itself was not backdoored.

The BIOS itself was fine, but it contained insecure Windows-software which it requested/instructed Windows to install.

Install any other OS (like Linux) and there would be no backdoor at all.

To be clear I’m not trying to defend Lenovo’s actions here, I’m just trying to be clear about what this incident was actually about. The simplistic description is IMO a bit too simplistic in this case.

stcredzero7y ago

Fair would be sending executives to jail for hacking.

That would be up to a prosecutor. A civil suit would take the form of a class action.

walshemj7y ago

Or banning for a period of years the company from any government work as happened to Arthur Anderson in the UK.

j / k navigate · click thread line to collapse