IT Support and Hardware for Clinics
31.3K views | +2 today
Follow
IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice
Your new post is loading...
Your new post is loading...
Scoop.it!

Lenovo's Ideacenter Stick 300 Is a Windows PC on a Stick for $140

Lenovo's Ideacenter Stick 300 Is a Windows PC on a Stick for $140 | IT Support and Hardware for Clinics | Scoop.it

The computer-on-a-stick is not a newnor always terribly successful—idea. But that hasn’t stopped Lenovo, which has announced its own stab at the concept: the Ideacenter Stick 300.

The new device comes in several spec levels, featuring an Intel Baytrail CPU, up to 2GB of RAM, up to 32GB of storage, Wi-Fi 802.11 b/g/n, Bluetooth 4.0, and SD card reader, HDMI out and a single Micro USB port. It will run Windows 8.1 out of the box, but will also receive a free upgrade to Windows 10 when the OS launches.

In its cheapest guise, the stick will cost $140 though availability is yet to be announced. We wonder if the device can overcome some of the fundamental problems that make the (very similar) Intel offering, the Compute Stick, a massive flop. We sure hope so.

more...
No comment yet.
Scoop.it!

Lenovo Website Hijacked

Lenovo Website Hijacked | IT Support and Hardware for Clinics | Scoop.it

The website of Lenovo.com, the world's largest PC manufacturer, was hacked on Feb. 25 and visitors directed to an attacker-controlled page. The hacking group Lizard Squad, which has claimed credit for the attack via Twitter, also appears to have intercepted some Lenovo e-mails.

"Lenovo has been the victim of a cyber-attack," spokeswoman Wendy Fung told Information Security Media Group on Feb. 26. "One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects. We are responding and have already restored certain functionality to our public-facing website.


"We regret any inconvenience that our users may have if they are not able to access parts of our site at this time," Fung added. "We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users' information and experience. We are also working proactively with third parties to address this attack and we will provide additional information as it becomes available."

Lenovo appeared to have restored complete access to its public website by the evening of Feb. 25.

The attack follows revelations that Lenovo, in recent months, had been preinstalling Superfish, which is adware that information security experts warn could be abused by attackers to intercept consumers' communications on many of its consumer devices.

In response to those reports, Lenovo has apologized and released utilities consumers can use to expunge Superfish from their systems. Working with McAfee, Microsoft and Trend Micro, the Superfish software has also been classified as malware and targeted for removal by their anti-virus engines, which Lenovo says will remotely wipe the adware from many systems.

Lizard Squad has recently claimed credit for a number of attacks, including the January disruption of the Malaysian Airline website, as well as the 2014 Christmas Day disruption of the Sony PlayStation and Microsoft Xbox Live networks.

Hacking Lenovo's DNS

The Lenovo.com website disruption began Feb. 25 at about 4 p.m. ET, with visitors to the site being redirected to another site that was labeled as being "the new and improved rebranded Lenovo website," accompanied by a slideshow of bored-looking teenagers looking at webcams, as the song "Breaking Free" - from the movie "High School Musical" - played in the background, technology publication The Verge first reported.

"We're breaking free! Soarin', flyin', there's not a star in heaven that we can't reach!" Lizard Squad tweeted at 4:19 p.m. ET via its @LizardCircle account, referencing the lyrics from the High "School Musical" song.

Security experts say Lizard Squad appears to have hijacked the Lenovo.com website by compromising its domain registrar, Web Commerce Communications Limited - better known as Webnic.cc. The attackers were then able to alter the Lenovo.com DNS settings, ultimately transferring them to servers run by the distributed denial-of-service attack defense service CloudFlare.

"To all asking: Lenovo was NOT a CF customer; their domain was hijacked & transferred to us," CloudFlare principal security research Marc Rogers tweeted on Feb. 25. "We are working with them to restore service."

The choice of CloudFlare was no doubt an ironic move, given that Lizard Squad says its attacks are meant to advertise its own DDoS service, Lizard Stresser.

Domain Registrar Offline

Following the attack, the Webnic.cc website has been unavailable and resolving to a "service temporarily unavailable" error message. Contacted on Feb. 26, a member of the Webnic.cc customer support team, based in Kuala Lumpur, Malaysia, declined to comment on the reported attack, and whether the website outage was intentional, for example if the registrar is attempting to conduct a digital forensics investigation and remediate affected systems following the apparent hack attack.

If Lizard Squad obtained access to internal Webnic.cc systems, then it could have transferred the Lenovo.com website to any address of its choosing. Bolstering that theory, Lizard Squad has published what it claims to be an authorization key - also known as an auth code or EFF key - that it stole from Webnic.cc. Such keys are used to authorize the transfer of domains between registrars.

Lenovo E-Mail Theft?

Lizard Squad has also published two e-mails that had apparently been sent to employees at Lenovo - with a Lenovo.com e-mail address - on Feb. 25, during the time when the hacking group appeared to have been in control of the Lenovo.com DNS settings. One e-mail cited The Verge report that the Lenovo.com website had been hacked as of 4 p.m. ET, and that Lizard Squad appeared to be responsible.

Another published e-mail referred to a Lenovo Yoga laptop that was "bricked" when a customer attempted to run Lenovo's update to remove the Superfish application and root certificate that it was preinstalling on many of its consumer devices (see Lenovo Drops Superfish Adware). "FYI - the process to remove the Superfish software from the Yoga 11 has resulted in a failed device. Can we get him a new one?" the internal e-mail reads.

Lenovo's Fung declined to comment on whether those e-mails were genuine. But Lizard Squad says via Twitter: "We'll comb the Lenovo dump for more interesting things later."

Follows Google Vietnam Hack

The Lenovo website hack follows Lizard Squad claiming credit for the recent disruption of Google.com.vn, or Google Vietnam, which was reportedly also registered with Webnic.cc. For several hours on Feb. 23, visitors to that Google website were reportedly redirected to a website that showed a man taking a "selfie" in the mirror with his iPhone, underneath the words "Hacked by Lizard Squad," The Wall Street Journal reports.

Google says that its systems were not breached by the attack, and said its domain name registrar was responsible. "For a short period today, some people had trouble connecting to google.com.vn, or were being directed to a different website," a Google spokesman told The Wall Street Journal. "We've been in contact with the organization responsible for managing this domain name and the issue should be resolved."


more...
No comment yet.
Scoop.it!

Lenovo will stop preloading Superfish adware on PCs

Lenovo will stop preloading Superfish adware on PCs | IT Support and Hardware for Clinics | Scoop.it

Lenovo found itself in a bit of hot water when some customers started noticing weird sponsored links in the search results on their brand new PCs. The culprit it turns out was a little piece of adware called Superfish the company was shipping on laptops. The company listened to customer complaints and turned off the server-side portion of the app in January. It also stopped pre-installing Superfish on new machines around the same time. While Lenovo said originally that it had "temporarily removed" the software from new machines while its developers worked on an update to address concerns, it now says that it will not preload the software ever again.

more...
No comment yet.
Scoop.it!

Fly Or Die: Lenovo Yoga Tablet 2 Pro

Fly Or Die: Lenovo Yoga Tablet 2 Pro | IT Support and Hardware for Clinics | Scoop.it

The Lenovo Yoga Tablet Pro 2, while long-winded in name, is pretty interesting when it comes to form and function. The kickstand-equipped tablet offers pretty standard capabilities, with a 13.3-inch (2560×1440) IPS display, an Intel Atom processor, 2GB of RAM, 32 GB of internal storage, and an added surprise.

The 13-inch tablet also comes with a built-in pico projector so that you can blow out movies or presentations on a nearby wall.

We brought the Yoga Tablet Pro 2 into the office for an episode of Fly Or Die, and to my shock and awe, John Biggs is impressed. He thinks the projector is a helpful addition to a tablet of this size, which could work well for travel or in-home use.

I’m not quite as wooed by the projector, which doesn’t seem to work well in anything but pure darkness, and the UI that Lenovo slapped over the Android 4.4 tablet is a bit too bare bones.

One fly and one die, meaning you’ll just have to check it for yourself.

The Yoga Tablet Pro 2 is available now for $499.


more...
No comment yet.
Scoop.it!

Lenovo recalls more than 500,000 power cords due to spark, burn risk

Lenovo recalls more than 500,000 power cords due to spark, burn risk | IT Support and Hardware for Clinics | Scoop.it

Lenovo is issuing a recall for more than 500,000 computer AC power cords in the U.S. after receiving reports of the cord overheating, sparking, melting, and burning. All problematic cords were reported by users outside the U.S. The current recall also affects 44,000 devices sold in Canada, according to the U.S. Consumer Product Safety Commission.

The recall could apply to anyone who purchased an IdeaPad laptop from the B-, G-, S-, U-, V- or Z-series between February 2011 and June 2012. Plain vanilla Lenovo laptops with no IdeaPad or ThinkPad branding are also affected if they are from the B-, G-, and V- series. You can find a complete list of affected models on Lenovo's website.

The impact on you at home: If you're affected by the recall, Lenovo is urging you to cease using the defective power cords immediately. The company is offering a free replacement you can claim via its customer service line at 1-800-426-7378. Operating hours are between 9 a.m. and 5 p.m. ET Monday through Friday.

Checking your cord model number

Beyond determining your model number, you can also check your power cord to see if you have the potentially defective model. First unplug your PC from the power source and then remove the power cord from your PC.

Next, remove the cord from your power brick (the part that goes between your laptop's power brick and the wall outlet). On the end that plugs into your brick, check to see if the model number is LS-15 as pictured at right.

That's the defective model number. If you don't see LS-15 then you should be in the clear.

This is the second major recall for Lenovo in 2014 after the company had to call back more than 34,000 ThinkPad battery packs in March. Lenovo wasn't the only company to recall batteries this year, however, with both Panasonic and Sony also calling back defective products.




more...
No comment yet.
Scoop.it!

Lenovo Patches Critical PC Flaws

Lenovo Patches Critical PC Flaws | IT Support and Hardware for Clinics | Scoop.it

Lenovo issued an emergency patch to fix flaws in software that it preinstalls on many of its Windows PCs after security researchers warned that it contained vulnerabilities that attackers could use to remotely seize control of systems.


The vulnerabilities affect the Lenovo System Update software - version 5.6.0.27 and before - which was previously known as ThinkVantage System Update. The Chinese PC manufacturer says the vulnerable software may be present on its ThinkPad, ThinkCenter and ThinkStation laptops and tablets, as well as Lenovo V/B/K/E Series devices.


The flaws were discovered by IOActive security researchers Michael Milvich and Sofiane Talmat in February, after which they alerted Lenovo and helped it prepare related fixes, which Lenovo released in April. But the researchers' findings were only made public this week.


One flaw, rated critical by the IOActive researchers, centered on a "race condition," in which attackers could have System Update verify that an executable file was legitimate, and then substitute a malicious executable. "Lenovo System Update validates all system update files as they are downloaded from the Lenovo servers. However, if the local system contains malware, it is possible that the downloaded updates could be altered before installation," Lenovo warns in a related security advisory.


To fix the flaws, users should update to version 5.06.0034 or later of Lenovo's software, which includes related patches. "Lenovo System Update automatically checks for a [new] version whenever the application is run," the company's security advisory says. "Click OK when prompted that new version is available." Alternately, users can download updates manually.

Follows Superfish

The security alert follows revelations in February that Lenovo, which is the world's largest PC manufacturer, had been preinstalling adware called Superfish on many of its PCs. Numerous security experts warned that the adware put users at risk because of the insecure manner in which it used digital certificates to intercept and decrypt otherwise encrypted Internet traffic.


Now, security experts are expressing dismay that yet more flaws have been found in Lenovo's preinstalled software. "Lenovo has been found wanting again on the security front," information security expert Alan Woodward, a professor at Surrey University, tells the BBC. Following on the Superfish debacle, he said Lenovo was demonstrating a "lamentable record for security."


While Lenovo initially defended Superfish - as a feature - it later backed off and began working with security firms to delete the software. The manufacturer also promised that beginning with new devices running the forthcoming Windows 10 operating system it would include only essential operating system and related software, including hardware drivers, security software and Lenovo's own applications, with a spokeswoman saying they would be free from "what our industry calls 'adware' and 'bloatware.'"

Predictable Security Tokens

While Superfish adware was preinstalled on many consumer-focused Lenovo systems, the new vulnerabilities are largely present on business-oriented machines.


Furthermore, Lenovo's System Update software is powerful, in that it will execute any code that it receives, for example to update the Windows operating system. Such functionality would be useful to attackers, of course, if they could trick it into installing malicious code. If that attack was successful, then the attackers could install a backdoor, execute malware that steals data stored on the device, and take full control of the machine.


To guard against that, the System Update software requires any client that attempts to connect to the service to authenticate itself, using a security token. "Unfortunately this token is a predictable token and can be generated by any user without requiring any elevated permissions," the IOActive researchers say about the previous version of System Update. "As a result, an attacker who is unprivileged can perform the same operations as the System Update. The attacker can create a valid token and include it with a command to be executed." Lenovo's patch, however, fixes that problem.

Another Flaw Patched

Another problem present in previous versions of the Lenovo System Update software was a failure to conduct complete security checks on executable code.


"As a security measure, Lenovo signs its executables and checks the signature before running them, but unfortunately does not completely verify them," the IOActive researchers said in their vulnerability warning. As before, this flaw was patched by Lenovo in April.

In particular, the Lenovo software did not fully validate the certificate authority chain. As a result, an attacker could create a fake certificate authority, use it to sign a malicious executable, and then fool the System Update software into executing it.


For example, per the "classic coffee shop attack," a related man-in-the-middle attack could be launched if the attacker was connected to the same WiFi network as a vulnerable Lenovo PC, the researchers say. "The System Update uses TLS/SSL to secure its communications with the update server, which should protect against 'coffee shop' style attacks," they add.


But protection was provisional on the Lenovo software correctly handling digital certificates, which it was not. "Lenovo - like Fandango, Kredit Karma, and an estimated 40 percent or more of mobile application developers - were not able to validate if certificates were from a trusted authority," says Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, which develops software to secure and protect cryptographic keys and digital certificates. "As this vulnerability shows, if you can compromise certificates, other security controls break down. With a compromised or forged certificate, you can masquerade as a trusted service, hide [via] encryption, and go undetected."


Again, however, Lenovo and IOActive report that all of the above flaws have now been patched.


more...
No comment yet.
Scoop.it!

Two Lawsuits Filed Against Lenovo Over Superfish Scandal

Two Lawsuits Filed Against Lenovo Over Superfish Scandal | IT Support and Hardware for Clinics | Scoop.it

Lenovo's Superfish adware drew a lot of anger and criticism last week to the point where the software was immediately disabled and the company promised it would not upload it in future releases. Even with Superfish disabled and Lenovo's assurance that there were no vulnerabilities associated with the software, the effect on affected products is irreversible. In the wake of the incident, a class-action lawsuit was filed against Lenovo last week which could put the company in jeopardy.

The class-action suit, with blogger Jessica Bennett as the plaintiff, was filed at the U.S. District Court in the Southern District of California. Bennett claims that Lenovo invaded her privacy and made a profit by keeping track of her onlinebrowsing.

She initially noticed the problem when she wrote a blog post for a client's website with the website featuring spam ads "involving scantily clad women." Further investigation by Bennett on other websites showed more pop-up ads, which led her to believe her Yoga 2 was compromised or contained spyware. She eventually found the source on the Lenovo forums in the form of the company's Superfish software.

Superfish worked by placing ads in search engines and other websites without the user's permission. It also made secure connections vulnerable because of the company's own root certificate, which would replace a secure site's own certificate. Even though the software is now deactivated, those who had Superfish on their Lenovo devices are still vulnerable to hackers who can monitor user traffic and steal important banking credentials.

Another law firm also opened up a class action lawsuit against Lenovo and is encouraging customers to reach out if they want to participate. Both cases are still in their early stages, so the process could take some time before Lenovo gets its day in court. But with Lenovo potentially fighting a legal battle on two fronts, the company seems to be taking a turn for the worse, with the trust of customers slowly fading away.



more...
No comment yet.
Scoop.it!

Motorola sales double in 2014 as the brand re-enters China

Motorola sales double in 2014 as the brand re-enters China | IT Support and Hardware for Clinics | Scoop.it

Lenovo reported its earnings for the past quarter on Tuesday. During the quarter, the company officially completed its $2.91 billion acquisition of Motorola from Google.

Lenovo announced its smartphone brand sold over 10 million handsets in the most recent quarter. Sure, that pales against sales figures from giants like Apple and Samsung, but at least it’s going in the right direction.

When Lenovo and Motorola smartphone sales are combined, the company is one of the top five smartphone makers in the world, behind Apple and Samsung and in fierce competition with Huawei and LG.
Get all the news you need about Mobile with the Gigaom newsletter

Lenovo Group’s revenue includes laptop and desktop sales, in which Lenovo is the world market leader. Lenovo reported that total revenue was up 31 percent to $14.1 billion. But Lenovo has thin margins, around 2.8 percent, and managed a net profit of $253 million.

Motorola sales were up 118 percent to $1.9 billion. Lenovo once again confirmed that it plans to sell Motorola phones in China, and said it believes Motorola can become profitable in the next year.

Lenovo also completed its purchase of IBM’s server business for $2.1 billion in October.

More importantly, it appears that the Motorola brand resonates in massive and growing smartphone markets like China and India. Motorola announced Monday on Weibo that it had seen 1 million reservations for the decidedly high-end Moto X. In India, Motorola previously said it had sold 3 million smartphones last year, probably mostly the more affordable Moto E and Moto G models.

Because Lenovo didn’t officially complete its acquisition of Motorola until the end of October, much of this success isn’t from Lenovo’s input — it most likely stems from decisions made while Motorola was a Google company, such as the decision to streamline and simplify its main product line under the Moto moniker. Motorola was the hardware partner for the Nexus 6, Google’s reference device for the latest version of Android. Motorola also produces one of the better-received Android Wear smartwatches, the Moto 360.

more...
No comment yet.
Scoop.it!

Apple and IBM reveal 10 iOS apps that aim to change the way you work

Apple and IBM reveal 10 iOS apps that aim to change the way you work | IT Support and Hardware for Clinics | Scoop.it

The way banks, airlines, wireless carriers, and even governments do business could soon change if Apple and IBM have anything to say about it. The two companies now have 10 apps designed to streamline business operations behind the scenes, which may lead to better service for the rest of us.

The new apps are the first wave in a lineup that’s expected to include up to 100 iOS apps for business. IBM is firmly entrenched in enterprise, while Apple’s presence in the halls of giant corporations has been largely unofficial, in the form of employees using their personal iPhones to send company emails. So the two companies partnered up in July to bring their complementary strengths to businesses on iOS.

One app called Incident Aware will give police a real-time look at maps and video from crime scenes, as well as information about victims and suspects, and better backup request capabilities.

Another, Sales Assist, is designed to help retail employees offer better service to shoppers by giving them access to customer profiles with past purchase history for improved recommendations. The app also helps staffers manage inventory.

Apple and IBM produced a pair of apps for airlines: Plan Flight for pilots offers a look at flight schedules, flight plans, and crew manifests and the ability to report in-flight problems to crew on the ground. The other, Passenger+, gives flight crews information about passengers so they can tailor special offers to them.

Citi, Sprint, Air Canada, and Banorte are the first four IBM clients using the apps at launch. Apple is offering AppleCare for Enterprise, a 24-hour customer service line, while IBM takes care of on-site issues.

The two companies will continue to release apps throughout 2015.

Why this matters: This isn’t the first time Apple has ventured into enterprise, or the first time the company has worked with IBM (remember the PowerPC?). The partnership is still in early days, but with IBM’s expertise in enterprise needs like data analytics and Apple’s deft design touch, IBM MobileFirst for iOS could become the enterprise suite of tools to beat—and make everyone’s lives a lot easier.




more...
No comment yet.
Scoop.it!

Disk storage market grows with inclusion of ODM vendors

Disk storage market grows with inclusion of ODM vendors | IT Support and Hardware for Clinics | Scoop.it

Disk storage sales grew more strongly in the third quarter, helped by sales of non-branded storage gear sold directly to datacenters.

Third-quarter disk storage sales jumped 5.1 percent year over year, reaching US$8.8 billion, according to research firm IDC. This was a change from the anemic growth the market saw earlier this year, brought on by falling demand in mature markets.

Sales of server-based storage with high capacity were up 10 percent in the third quarter. But the big bright spot was the influx of storage systems from original design manufacturers (ODMs) which design and produce hardware to other companies’ specifications. In the storage market, these manufacturers are bypassing traditional brands, selling directly to cloud service providers that put the equipment to use in hyperscale datacenters.

Similar trends appeared in an analysis of server market share published by Gartner earlier this week. It found that server purchases from ODMs by Google and Facebook were driving the market in the third quarter.

For the first time in its analysis of the storage market, IDC included ODMs’ sales. In the third quarter, ODMs collectively posted the highest level of growth, with their storage sales up 22 percent year over year.

Although the ODMs’ market share was only at 11.6 percent, the sales accounted for 43 percent of all storage capacity in the quarter.

IDC didn’t identify the ODMs, but the prominent ones are based in Taiwan and include Quanta Computer, Wistron Group and Inventec among others. The ODMs typically offer unbranded products, and they’ve been steadily growing in the server and storage market by selling directly to Google, Facebook and Amazon Web Services.

Increasingly Web services and cloud providers are tapping ODMs to design and build new storage architectures, “with limited or no involvement from traditional IT original equipment manufacturers,” IDC said on Friday.

With ODMs included in the mix, the market share of branded storage vendors all decreased. But EMC still held on to the top spot, with a 20.8 percent share, while HP held on to second place, with a 14.6 percent share.

All the top branded vendors experienced some growth in the quarter, except for IBM, which saw its revenue fall by 7.2 percent year over year.




more...
No comment yet.