[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS

To: "list@xxxxxxxxxxxxx" <list@xxxxxxxxxxxxx>
Subject: Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS
From: mr meowski <mr.meowski@xxxxxxxx>
Date: Sat, 22 Aug 2015 17:11:12 +0000
Accept-language: en-GB, en-US
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=mr.meowski@xxxxxxxx;
Content-id: <1F979D96EF32D54A8072A8E4D3A1A5FA@eurprd09.prod.outlook.com>
Content-language: en-US
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1428397562; h=Sender:Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:MIME-Version:Content-ID:In-Reply-To:References:Message-ID:Date:To:From; bh=sCmzougEhyhsh59lAihvv/BM36h66dyTQfoHtAOaSIQ=; b=NBSd1ziFDyNUm5fIWNgmMPi6RTQoy7c1s57r9n8vZMEj2IFcCo3EUeGUsPiWsAbXyNiCQPROfvjDbq9NQlQuw/LBwEoeqvo/d89AYMfrG3q5KPqF9i6TUjhzOW8WJafoUaq17k+JGPX909F42RTRk+7ABK8T1+x8E6hLQHrzExQ=;
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:23
Thread-index: AQHQ2+lDlFaSdGz9mEWnK9dbM+4e8p4YQzmA
Thread-topic: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS

On 21/08/15 09:12, Julian Hall wrote:
> Hi All,
> 
> Received this from a friend.

You're all a bit late on this - it's been in the wild for months and in
the tech news for weeks. There's an incredibly vague news article today
noting that Lenovo are probably just about to get busted *again* for
some kind of unsavoury crapware shenanigans:

http://yro.slashdot.org/story/15/08/22/0723225/yet-another-compromising-preinstalled-glitch-in-lenovo-laptops

Nothing to worry about for this crowd, 'cos you're all going to be
installing Linux over the pre-installed Windows on your Lenovo laptops
right? This is a windows-only thing: the UEFI can be set to
automatically trigger actions such as file upgrades/reinstalls but
relies on an actual windows install being in place to hand over it's
trigger commands to and actually carry out - it's not like the lifecycle
controller functionality you get on a modern Dell rack server for
example which can boot to UEFI and then use ftp to contact Dell
repositories and upgrade all of it's own firmware/BIOS/UEFI/etc components.

So feel free to keep your tin foil hats on but you don't need to throw
out your computers quite yet: this is just Lenovo being absolute morons.
You also only get this on bargain basement cheap-as-chips Windows Home
models - your nice expensive business orientated ThinkPad's will be free
of this financially motivated crapware.

I know there's a fair amount of FUD about UEFI around here, but this is
just a single stupid OEM inappropriately leveraging a legitimately
useful feature for their own gain: they've already been caught, making
it considerably less likely than any other manufacturers will try the
same trick. I for one don't miss the stupid brain-dead legacy BIOS one bit.

I guess what I'm saying is don't fear UEFI, don't buy Lenovo and keep
calm and carry on. Oh, and install Linux, obviously.

Cheers

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS
- From: Martijn Grooten

References:
- [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS
  - From: Julian Hall

Prev by Date: Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS
Next by Date: Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS
Previous by thread: Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS
Next by thread: Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS
Index(es):
- Date
- Thread