D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS

 

On 21 Aug 2015, at 12:07, Paul Sutton <zleap@xxxxxxxxx> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> There was something about this a while back or related.  Lenovo had
> installed spyware or other malaware on the actual computers.
> 
> I guess as they got caught out and decided to find some other tactic
> 
> There was also a report that their sales are down,  this is usually
> attributed to people using phones and tablets more,  however after
> reports such as this,  perhaps we should read in to that differently,
>  The original exposure damaged their reputation,  so is it any wonder
> that people don't trust them,  or may not trust them,  perhaps people
> are starting to wise up,  esp after what Snowden revealed about mass
> surveillance.
> 

no it was different - it was some userland cr-app that did something with about a 
security proxy of some kind, but it actually just relayed your details. 

something fish 

> Paul
> 
> 
> 
> On 21/08/15 09:12, Julian Hall wrote:
>> Hi All,
>> 
>> Received this from a friend.
>> 
>> Julian
>> 
>> 
>> -------- Forwarded Message -------- Subject:         HP and Lenovo caught
>> installing malware in the BIOS Date:         Fri, 21 Aug 2015 08:53:36
>> +0100
>> 
>> So it can't be removed even by reformatting your hard drive...
>> 
>> Apparently this was mandated by Microsoft...
>> 
>> I always said that UEFI was a thoroughly bad concept as it allows 
>> individual OEMs (as well as hackers and spies) to install
>> non-removable crapware.
>> 
>> The bottom line is that you're much better off with old machines
>> with a traditional BIOS. UEFI is just a hacker's paradise :(
>> 
>> http://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/
>> 
>> Fortunately, this time it only affects systems running Windows 8
>> or above. Windows 7 and Linux are unaffected as the malware is run
>> from the Windows stack, but they could have just as easily run it
>> from the UEFI itself and then it would be cross-platform :(
>> 
>> Lenovo have released an updated firmware patch that (allegedly)
>> removes this.
>> 
>> This seems to be a feature of Windows 8 OEM machines (desktops as
>> well as laptops), not specific to Lenovo or HP (They were just the
>> ones where it was discovered first)
>> 
>> Not sure if it exists in the UEFI of OEM motherboards - that would
>> seem unlikely, but you never know.
>> 
>> --
>> 
>> All government snoopers have very small penises
>> 
>> 
>> 
>> 
>> 
>> 
> 
> - -- 
> http://www.zleap.net @zleap14
> @zleap14  diaspora : zleap@xxxxxxxxxxxxxxxx
> Documentation lead @ ToriOS http://www.torios.org
> 
> Torbay Tech Jam http://torbaytechjam.org.uk
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iEYEARECAAYFAlXXBooACgkQaggq1k2FJq139ACfYmcgw0tXaRSUH1rnl7aIRoys
> ydwAniL3Sa0rar5vizM0nNbgCCEzCfgA
> =Vzao
> -----END PGP SIGNATURE-----
> 
> -- 
> The Mailing List for the Devon & Cornwall LUG
> http://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/listfaq


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq