
The apocalypse...
... it must be starting because I’m about to utter words I never thought I’d say...
For once, I’m glad I’m actually running Windows 10! (vs an older version of Windows, obviously and not something superior).
Lenovo wants ThinkPad owners to update their machines after its Fingerprint Manager Pro software was found to contain serious security vulnerabilities. Among the glaring flaws cited: a hardcoded password. In the fingerprint scanner. To log into the computer. "Sensitive data stored by Lenovo Fingerprint Manager Pro, including …
It's still excellent. Rock solid. since switching from HP to lenovo for laptops we've yet to need to send back a warranty job (YMMV), DOA or early failures were getting more and more common with HP kit.
We've got mainly thinkpad "e" series (i5 and i7) with a scattering of Yogas.
...think these security blunders are "mistakes" nowadays?
Keyloggers, hardcoded passwords, leftover Developer tools, web browser injections etc etc.
And I have serious doubts about the "security" companies that we have to turn to for "protection" given these "antivirus" programs are fingering memory and injecting java into web browsers and sending scan results and God knows what else to some "cloud" somewhere.
I see that many of these AV companies are offering "VPN" services now too...such as Kaspersky using "HotSpot Shield" of all things.
End Times indeed!
Actually, yes, I believe it. When you farm out development to the lowest cost development contractor and then set a hard short deadline, stuff like this happens.
In the grand scheme of things, the CxO considers the short term of cost of dealing with the blunder less than the long term cost of decent devs. Seem reason why software is getting buggier, slower, more bloated, etc.
Off topic: Saw a RHEL errata notice yesterday about version 3.2.32-22 or some such of “at” not properly handling certain situations when running commands. So it’s 2018 and yet a fairly basic app with a crazy high version for its functionality still can’t even do its core functionality correctly without bugs. Yet they expect us to trust self-driving/flying/etc vehicles and such. NO THANK YOU!
Why would you use a fingerprint scanner ? The casing of your laptop and your keyboard is full of your fingerprints. Laptops make it EVEN WORSE BECAUSE OF THE PHYSICAL KEYBOARD!!!!!!!!
I would take the finger print on the letter J, transfer it to wax and be in your computer in less than 5 minutes, 5 minutes ? Well I need to wait for wax to cool and harden...
Do not use bio-metrics on portable devices.
Do not use bio-metrics on portable devices.
Do not use bio-metrics on portable devices.
Do not use bio-metrics on portable devices.
Do not use bio-metrics on portable devices.
Do not use bio-metrics on portable devices.
Do not use bio-metrics on portable devices.
How long .... how long must we sing this song!
“Why would you use a fingerprint scanner ? The casing of your laptop and your keyboard is full of your fingerprints.”
It depends whether you’re using them to logon to the OS. If you’re purely using them to get past the BIOS POST etc, then I don’t see a big problem with fingerprints as one of your factors of authentication. If you go by “something you have and something you know” then there is always the chance of the “something you have” part being stolen along with the actual device being secured.
When you add “something you know” as a password which is not so complicated that people need to write it down, thats not bad for a standard user laptop surely ?
" there is always the chance of the “something you have” part being stolen along with the actual device being secured."
Which is why a 2fa token number should always be accompanied by a pin to gain access. That way even if someone puts their mitts on the seed file they still have to guess the pin.
One shirt with a set of hook-and-loop company names, so you can pick the scapegoat of the day.
Though at that point I suppose you might as well just get a shirt with an e-Ink display. Someone must sell that, right? (Actually a quick search turned up a bunch of prototypes, and fretting about t-shirt advertising from the digiterati, but no actual products. But I didn't put much effort into it.)
So for a fresh ISO install of Windows 10 Pro (yes Pro) the amount of "useful work-related apps" like XBOX, Mail etc.... does not qualify as "Cr*pware". Not to mention the horrible mail app that you can't uninstall without a Powershell hack. Perhaps Windows 10 Pro should be renamed "Windows 10 Home Advance" and release a version that does not, by default install all of these, but have Store and Edge so that those who do want to install those "apps" can......