If you own a Lenovo Thinkpad, then your online activities may be compromised.
Security blogger Marc Rogers has discovered that, up until January 2015 Lenovo has been pre-installing a piece of software called Superfish on their computers. Superfish is adware, it monitors user activity when browsing the web, and pops up adverts based upon that activity on various web pages.
Rogers reports that Superfish exhibits the following behaviors:
- Hijacks legitimate connections.
- Monitors user activity.
- Collects personal information and uploads it to it’s servers.
- Injects advertising in legitimate pages.
- Displays popups with advertising software.
- Uses man-in-the-middle attack techniques to crack open secure connections.
- Presents users with its own fake certificate instead of the legitimate site’s certificate.
While this sort of behaviour is not unknown in the computer industry, manufacturers bundle computers with bloatware as standard procedure these days, blatantly installing adware is a little eye-raising. But what’s worse here is the way that Superfish works. It performs a man-in-the-middle attack.
A man-in-the-middle attack is when a (usually) malicious program intercepts the traffic between the web server and the users web browser. If then does something with that traffic data. It could be it sends user names and passwords back to the hacker, who then uses them to log in to your bank account and take your money. In this case, Superfish doesn’t do anything so nefarious, it just inserts adverts (which is bad enough.)
However, the good folks at the Internet all got together and came up with HTTPS which makes sure that the traffic between your browser and the web server is a securely encrypted. It does this by using a protocol called Secure Socket Layer or SSL. This makes the man-in-the-middle attack much much harder for an attacker and has been adopted by banks and financial institutions to protect your access to your online accounts. In fact, Google is now strongly encouraging webmasters to use HTTPS for all websites, even ones that don’t handle identity information.
Unfortunately, Superfish circumvents HTTPS by installing a weak security certificate on to the computer. This then fools the web-browser into thinking that it is visiting a secure, legitimate web site. The big problem here is not that Superfish or Lenovo are using this to compromise your computer, it’s that the certificate they’re using is weak and can be cracked very easily using any off the shelf computer hardware. In fact, this has already happened.
Not only that, the certificate isn’t unique to each PC. The same certificate is installed on each and every install of Superfish, meaning that once cracked on one PC, it’s cracked on all PCs, and all a hacker needs to do to get into your secure accounts is to hijack the Superfish software.
It’s bad news all around.
What Can I Do?
It appears that Lenovo is responding to the backlash and has provided removal instructions for Superfish. These instructions tell how to determine if both the application and the insecure certificate are on your computer system, and provide steps for removal.
One thing to note is that some folks have reported that they followed these, and other removal instructions and haven’t been successful in getting rid of Superfish.
It’s important to note that Superfish hasn’t been developed by Lenovo. It’s a third party application, and many of these types of apps try to make themselves incredibly difficult to remove. If you’re finding it difficult to remove this adware, it may be more effective to backup your important files and do a fresh install of your operating system. However, you’ll need a new Windows OS disk. The installation disk originally provided by Lenovo will have Superfish on it, and you’ll be back to square one.
If you are a small or medium enterprise looking at moving some or all of your business functions into the cloud, then this infographic by Speechpath will help you navigate the complexities in making this move.
This guide provides a checklist of things to consider before moving to the cloud. There are a set of steps to migrate to the cloud, a list of benefits in doing so, and the cloud models you can choose from.
The SME’s Guide to Moving to the Cloud is an infographic provided courtesy of speechpath.ie
Today I read an article that was shared through Linked In that recommended that a time poor business should replace their self-hosted website with a Facebook page because
- Facebook costs nothing to set up
- Facebook does not require a domain
- Facebook does not require hosting
- Facebook now has more active users than the world had people 100 years ago
- Facebook has 500 million visits a day
- Maintaining a Facebook Page is easier than maintaining a web site
- Facebook is designed to be a place for networking
To be fair there are certainly some advantages to taking this approach. Facebook is wildly popular and the advantage of getting your business in front of all those eyes is enormous. The costs of using Facebook are very low, the only costs to setup and run a Facebook page is your own time, or the time of someone you hire to do the work. Whether it is easier to run a page rather than a website is debatable. It’s certainly easy to run a Wordpress based website though it does need a little more specialized knowledge.
But this doesn’t mean that you should dump your existing website for a Facebook page. Indeed, even if you don’t have a website yet, that you should solely rely on Facebook for your web presence.
If you don’t have a website get one. It’s that simple. In 2013 and beyond the web will play an ever more important role for business branding. If you don’t take full advantage your business will miss out.
So why shouldn’t you rely on Facebook?
Here are the seven reasons why you shouldn’t replace your website with a Facebook page.
#1 Facebook Controls All Your Content
Every thing you put on Facebook belongs to Facebook. Every status update, every image, every bit of detail about your business becomes a part of Facebook’s data.
And it is not very accessible. The last time I checked, you cannot retrieve all that data at a later date, or transfer it to another website. All you can do is close your account and delete it. And, as I mention later, if Facebook decides to ban your account, it’s gone forever.
With a website however, that data is yours forever. Every blog post, every page or update or image belongs to you. Provided you have a decent backup process you can do anything with that information, including transferring it between websites.
#2 Facebook Regularly Changes Look And Feel
Facebook has regularly made changes to the look and feel of the content on its site. Consider that not too long ago business were able to create custom templates for pages. That’s long gone, with all pages now following the new format.
Aside from the question of how you make your page stand out above the crowd, what happens if Facebook makes a global change to the look and feel of all pages which results in a lower conversion rate?
If you have a website, you can quickly revert changes that have a negative impact on visitors and sales. You can make specific changes and test them before implementation.
#3 Facebook Changes How Users Find You
When you update your page status you’d like each and every fan to see it, right?
Well, the thing is, they won’t.
Facebook have recently stirred the pot revealing that at most only 1/16th of your fans will receive the update in their timelines. The algorithm determines who sees it by using a number of factors including how interesting Facebook thinks it is for each user.
Facebook controls this algorithm, and a single tweak to any number of factors could greatly influence who and how many of your fans see an update. An update about a sale could reach a huge number of users, or it could be virtually invisible.
However, with a good website that captures a contact list of email addresses you can send out your own newsletter with information about sales or events your business is holding, and you can be assured that a high number of your recipients will get your updates; as long as you are not spamming, but that’s another topic.
#4 Facebook Can Ban You Without Warning
If you violate Facebooks terms and conditions your account and page could be suspended or banned without warning.
You could run into trouble even without explicitly breaking Facebook’s rules. There are plenty of unscrupulous internet marketers willing to do almost anything to ruin your reputation including reporting you to Facebook for non-existent infractions.
If Facebook is the only presence your business has on the web, think of what might happen to your sales if it disappears overnight.
Your own website however is far more resistant to negative marketing effects. Google and Bing provide tools to remove negative links, and most domain registrars and web hosts have developed robust processes for complaints and abuse.
#5 Facebook May Not Be Appropriate For Your Business
Despite the massive number of users who use Facebook daily, your business may not be a match for the Facebook.
Where Facebook shines is if you have a business to consumer business. If you sell products and services to the general public, Facebook is a godsend. You can create pages for your fans, ordinary people who love your products. You can send highly targeted advertisements to people who have interests exactly tailored to your demographic.
But if you do business to business, then Facebook may not be appropriate. I’m not saying Facebook isn’t a good venue for your business in this instance, however there is a question that the decision makers in a business will be looking at Facebook when making purchasing decisions.
This is something that you will need to figure out before making any significant investment of time in Facebook marketing. In some cases you may be better off looking at a service like Linked In for B2B social marketing.
#6 Facebook Still Needs Work
The main point of the original article is that having your site on Facebook will make your life easier. And to a certain extent this is true, but you are not going to be able to set up a page on Facebook, never do anything with it, and expect any results.
You know business doesn’t work like that. It requires a lot of work and smart effort.
Having your own website does require more work, mostly in the initial set up of the site, once it’s up and running it’s a matter of adding more content on a regular basis and making sure backups are taken and tweaking as needed.
If you use all the social networking and SEO techniques at your disposal, then your combined efforts will make a self-hosted website far more effective than a Facebook page.
#7 Relying On A Single Third Party Is Dangerous
All of the points above really come down to this: Relying on a single third party in any endeavor is dangerous. It rests your entire business on a single point of failure.
There have been plenty of cases over the years where legitimate internet based business have failed because they relied too much on a single provider. It may have been a business that relied on search services provided by Google only to be crushed when a single algorithm change dried up all search traffic. There have been businesses built on top of Twitter that have failed because Twitter has decided to block their access to the Twitter API.
Even self hosted websites recommended by this article can fall to changes in search. This is why diversification on the internet is so important.
Facebook Is Still Good
Don’t take all that I’ve written above as a reason not to use Facebook. It is still a highly popular service, and if you can figure out how to use it to promote your business (and business web site) then you can improve your sales.
- Create a Facebook page for your products, not just your business.
- Look at sponsored posts. They will extend the reach of your updates.
- Consider Facebook ads. They can be target at very specific demographics.
Rather than just using Facebook to act as your website, or even self-hosting your website your best bet to running a successful website is to use a range of internet services to drive traffic to a well designed site that converts those visitors into customers. Here is how you do it.
- Create an attractive web site designed to showcase your best content using a mix of product or service pages and a blog. If you can add a dynamic service (for example a real estate agent could have a mortgage calculator) then all the better.
- Set up a Facebook page and link it to your website. Try to set it up to build an email list.
- Set up a Linked In page for your business, and a profile for you. Although this is probably more appropriate for a B2B business it can’t hurt for a B2C business either.
- Get on Twitter. Use it to have conversations with fans. You can also link it to blog posts you make.
- Periodically, at least once a month, send out an email newsletter. If you have sales, use the list, Twitter, and Facebook to announce the sale.
Okay. This is a lot more work than just having a simple Facebook page. You will need to devote time each day to writing blog posts, updating Facebook, and tweeting. But then again Facebook itself isn’t a silver bullet to marketing your business. No matter what anyone tells you, you will need to do a lot of work yourself, or have someone else do it for you.
You can’t just set and forget when it comes to marketing your business, not even Facebook.
Another year has all but disappeared. Did it go as quickly for you as it did for me?
I hope it was a great year, one that saw you see some great opportunities and challenges for your business where you were able to make the best of them.
I’d like to wish you all a great Christmas, a refreshing break (if you’re taking one) and a terrific new year with plenty of profitable opportunities.
See you next year.
The Perl scripting language turns 25 years old today.
Did you know that PHP, used to script many thousands of web pages and the language that Wordpress, Joomla, Drupal, and many ecommerce sites use was originally developed as a Perl script?
While PHP was later rewritten in C, it’s arguable that the foundations of the internet were developed on the back of the Perl language.
Happy birthday, Perl!