Lenovo *still* shipping laptops with Superfish

One would think Lenovo would have done some work to scrub the existing inventory in their own warehouses after the debacle around Superfish leaked last month. It’s clear that they haven’t.

My wife and I just ordered a Yoga 2 Pro late last week to replace our old MacBook Pro 2011 that died recently with motherboard failure. We received the Yoga 2 Pro today, and as I set it up I removed the various bundled crapware applications. I was sure that Lenovo would have had the sense to clean up their Superfish mess (at least on all inventory that didn’t ship out to resellers yet), but they didn’t even do that.

I was shocked to see Windows Defender find Superfish and nuke it.

Yoga 2 Pro: Superfish Edition, March 2015

This is very surprising to me. Lenovo got rightfully hammered for the decision to bundle Superfish with their products and I thought they had righted their wrongs. They make great hardware and I happen to love the Yoga series units, but this is very disappointing. I see others are finding out the same thing.

Ugh! Get it together Lenovo. You make great hardware, but the revenue stream from bundled apps and malware is damaging whatever brand you have left.

Wait, that was my tweet! Tweet theft as fake user and bot obfuscation

Tweet theft is nothing new. The typical scenario in tweet theft is when someone tweets a witty comment or insight and the actual source is intentionally uncredited. There are shades of variation in referencing a source in a tweet but, lack of skills aside, it’s not hard for the reader to determine if the tweeter is taking the content as their own or giving credit where credit is due. Plagiarism is alive and well in social media and all media. But I’ve seen something interesting lately around the purpose of the co-opting of my tweets that’s an interesting pattern to track.

I’m no celebrity of any kind, so there is really no reason to rip off what I write or reference on Twitter and take it as your own. I do run my own URL shortener and I’m the only one that generates the short URLs. People often reference, quote, retweet, and even modify my tweets as per the usual activity on Twitter. New links posted in tweets get an immediate influx from various bots (around 20-30 usually) cataloging and exploring any new URL posted on the social network. I’ve seen over the last few years that the initial influx of traffic on a new link posted to Twitter (without any human really even clicking on the link in the tweet) typically maxes out at around 30 connections or so, then subsides after 10-15 minutes. But recently, I’ve noticed an uptick in activity on older tweets/links of mine and I wanted to know why.

Here are some recent examples of verbatim duplicates of some past tweets without any reference to the source creator of the original tweet.

tweet theft 1

tweet theft 2

Looking at the Twitter handles, you can see these are bot-generated users. These are garbage users. They have real names assigned to the accounts, but the user handles are clearly junk and usually not even connected to the bot’s name. Here are a few more:

tweet theft 3

tweet theft 4

There are many, many more examples. Not only do all these examples have bogus handles, but they also have very minimal followers and are probably centrally managed and used as bots. The only explanation for this sort of activity has to be an attempt by the various Twitter spam and user herders to obfuscate that these accounts are real people. I’m sure my tweets are just randomly selected and sucked up by the bot system to be regurgitated out as real posts from the accounts these fakers want to try and pass as genuine on the social network.

Please comment if you have seen this happen to you. The only way I could even notice it was that I run my own URL shortener and could see odd activity. This has to be a pretty rampant tactic to try and herd and sanitize accounts, but I still can see it being all that effective.

Fastrak not working? Maybe it’s a dead battery


We’ve used Fastrak ever since it started when I commuted to Berkeley from San Francisco. I’ve never had problems until recently when we were not getting any recognition of the unit at the toll plaza. No ding sounds or anything. We thought nothing of it, but when the violations arrived in the mail we had to resolve it. Even though we rarely pass over bridges nowadays, Fastrak can come in handy at SFO for parking.

I called the Fastrak service number (877-229-8655) and let them know the problems. The service rep corrected the violations. She also noticed my license plate number was slightly off, so the violation pre-check/match didn’t happen. After that was settled, I told her the issue with the unit. She said it was probably the battery and they would send a replacement unit out.

I had no idea there was a battery in there. It is not field replaceable either. So, she’s sending a new unit and I will send back the old one. I bet I had that original one for around 9 years or so.

Phishing emails are getting very good

I know what to look for and check and this took quite a while. Wow. Of course, the largest tip-off that this is a fraud is that someone at Wells Fargo (or any bank) is actually trying to proactively help you with anything. That never happens. But, digging deeper into the message source, you see stuff that I haven’t seen before. They are inserting more “Received:” headers to mask the real one from Taiwan.



Most people will never even look at the message source at all, but even when you do and see this, it still takes a while because it can really look legit with all the bogus and postini references.
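An added example (not from the original post) of how to read past padded "Received:" headers: only the headers stamped by relays you control can be trusted, so walk the chain newest-first and stop at the first hop that arrived from outside. The relay names, IP addresses and sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Assumptions (hypothetical names): the relays you operate, by name and IP.
TRUSTED_HOSTS = {"mx1.example.net", "store.example.net"}
TRUSTED_IPS = {"10.0.0.5"}

# Constructed sample: the top two headers were stamped by our own relays,
# the bottom two were supplied by the sender and can say anything.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [10.0.0.5])
\tby store.example.net with ESMTP id A1; Mon, 2 Mar 2015 10:00:05 -0800
Received: from mail.bank.example (unknown [203.0.113.45])
\tby mx1.example.net with ESMTP id B2; Mon, 2 Mar 2015 10:00:03 -0800
Received: from filter.bank.example (filter.bank.example [192.0.2.10])
\tby mail.bank.example with SMTP id C3; Mon, 2 Mar 2015 10:00:01 -0800
Received: from app01.bank.example ([198.51.100.7])
\tby filter.bank.example with SMTP id D4; Mon, 2 Mar 2015 09:59:58 -0800
From: "Bank Alerts" <alerts@bank.example>
Subject: Important account notice
"""

def parse_hop(value):
    """Pull the stamping host ('by') and connecting IP out of one header."""
    flat = " ".join(value.split())  # unfold continuation lines
    by = re.search(r"\bby\s+([^\s;()]+)", flat, re.I)
    sender = flat.split(" by ", 1)[0] if flat.lower().startswith("from ") else ""
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", sender)
    return {"by": by.group(1).lower() if by else None,
            "ip": ip.group(1) if ip else None}

def find_origin(raw, hosts=TRUSTED_HOSTS, ips=TRUSTED_IPS):
    """Walk newest-first; return (origin_ip, 'by' hosts of unverifiable hops)."""
    hops = [parse_hop(v) for v in message_from_string(raw).get_all("Received", [])]
    for i, hop in enumerate(hops):
        if hop["by"] not in hosts:
            return None, [h["by"] for h in hops[i:]]  # chain never anchored
        if hop["ip"] not in ips:
            # Our relay accepted this from outside: the only IP we can trust.
            return hop["ip"], [h["by"] for h in hops[i + 1:]]
    return None, []

if __name__ == "__main__":
    origin, unverified = find_origin(SAMPLE)
    print("handed to us by:", origin)
    print("sender-supplied hops (unverifiable):", unverified)
```

The bracketed IP in the boundary header is recorded by your relay from the TCP connection, which is why it survives however many extra headers the sender stacks underneath.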

Man, it’s tough out there in email world nowadays. The payload, by the way, was a .scr file for Windows in a Zip file.
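An added example (not from the original post) of a mail-side check for this delivery method: open each Zip attachment in memory and flag members that Windows would run on double-click. The extension list, file names and sample message are assumptions constructed for illustration, and the sample member is a harmless placeholder.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumption: extensions Windows executes on double-click (not exhaustive).
RISKY_EXTS = (".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def risky_names(names):
    """Keep names whose final extension is executable (catches 'x.pdf.scr')."""
    return [n for n in names if n.lower().rstrip(". ").endswith(RISKY_EXTS)]

def scan_message(raw_bytes):
    """Return (attachment filename, risky file name) pairs found in a message."""
    findings = []
    for part in message_from_bytes(raw_bytes).walk():
        name = part.get_filename()
        if not name:
            continue  # not an attachment
        findings += [(name, n) for n in risky_names([name])]
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                findings += [(name, m) for m in risky_names(zf.namelist())]
    return findings

def build_sample():
    """Constructed message: a Zip holding a placeholder named like a document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Account_Statement.pdf.scr", b"placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = "Important account notice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="statement.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in scan_message(build_sample()):
        print(f"{attachment}: contains {member}")
```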



This is going to levels I have never seen before. I don’t know how regular folks on Windows will be able to survive even with security if this continues to accelerate and get more and more sophisticated. I suppose just not allowing any files to be sent via email is going to be the eventual step that might curb this sort of malware infection path, but I’m sure there will be more and more doors opening for every one we close.