Musings tagged as lenovo

Lenovo Joins LVFS

Tue, Aug 7, 2018

Great news for a change! Lenovo has joined the Linux Vendor Firmware Service (LVFS). But wait, I hear you say, why should I care? Well, the LVFS is what makes firmware upgrades possible natively under Linux. In a nutshell this means in the not so distant future, it will be possible to update the UEFI bios of your Lenovo laptop natively via your local Linux installation. Awesomesauce!

Lenovo has been my goto laptop brand for years now. There are two main reasons for this:

  1. The hardware used in Lenovo laptops usually is well-supported by Linux. And why would you burden a nice piece of hardware with spyware crap like Windows?
  2. Lenovo publishes hardware maintenance manuals for their devices where you can read up on how to disassemble your laptop without breaking stuff to repair certain components yourself. Especially handy once you are out of warranty.

So now my favourite hardware manufacturer and my favourite OS move even closer together. This translates to very cool beans!

A new cryptojacking campaign is going around which leverages a vulnerability in the Drupal content management system. Security researcher Troy Mursch has a nice writeup on the issue and also runs a list of affected sites.

Basically the vulnerability is exploited to install cryptomining javascript code which then leverages the CPU of website visitors to mine cryptocurrency.

Among the affected sites are also such names as Lenovo, the UCLA, the Turkish Revenue Administration Aydin Tax Office (oh sweet irony), and DLink Brazil. Serving as an important reminder what can happen if you do not update your shit!

1