Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS

To: list@xxxxxxxxxxxxx

Subject: Re: [LUG] OT: Fwd: HP and Lenovo caught installing malware in the BIOS

From: Simon Avery <digdilem@xxxxxxxxx>

Date: Mon, 24 Aug 2015 19:48:40 +0100

Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx

Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1428397562; h=Sender:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:To:From:Message-ID:Date:References:In-Reply-To:MIME-Version; bh=NGeAooUrYm2F61K40bGH5Hk/s7Qauemm1KlOjUAhvVU=; b=WxZhqCgsEAINkyoxVFoPOA9X/v57GMWz0bobGoOV9fkiIn4NSdYGZPP3jTQWROiS3TtLzbv5SFBFfDjwc8Cc2dtOX7oicaRs6cFlNMUYqVqW7YMMeizYJTuReX3s/70TsYhG5EUKgJxiKXHWYyLbyEFWZpvYaiKec/s8bDd9OGA=;

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=wYpwNm0why2ZfAdk2mRHe1B9f2LMAKkNoBgO7+t/yEQ=; b=fYq78hR2VGCjftM7HKs8DKVnKa1t3nss7BxRZpxe0EI9pO2aQ1fkOXt0rknRn3mYHd rkiCCkqgMzwOH9M4WgT2UBT1OTG0pOVgMRVcIK9oPBP75omKCKf07btgX+1dW0uzpRQq Q9BM8UFFgVOMwnwImyPZ03r/y3CeEnSWcqtyaOuBl8PsLFK4pyvdDaDyiVwf9w8hGCOH RfQEEyJOdOW1IO7338lI+X0kq9yg9YiVeKwAmKQjQ2d1BA4gfYfPc27BsneMB/spP3tC iVlhV6Pjt18svhHZeiN1QAoMMw1MYMv9JeLM5J7bYTFcNEAbnlSZMC7sWAfQuktKld0D MeUA==

On 24 August 2015 at 19:14, Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx> wrote:

Very good post.

Yes, badapple does have his moments. :)

What was evil is that the software they installed introduced
vulnerabilities onto the laptop, which happened in two instances, which
I believe is unrelated.

Looking at this as a trend over many years, it's created a lot more than just two insecurities through a desire to sell the consumer to third parties in this way. Not just introducing new software to users by being paid as you describe, but by data mining, information-leaking, spyware of many types.Â

Lenovo have merely used a new vector for an old business practice here, but they have done so at significant cost.Â

Trust in this manufacturer, which was bought largely with the purchase of the Thinkpad line, has been eroded with gradually falling quality of this once bomb-proof laptop (watered down for price resulting in flimsy and low quality entry level models).

Another once lucrative line for Lenovo is of course the corporate sector. I can't imagine many of the major buyers of thousands of items at a time looking at these revelations with any please. I suspect HP and Dell will show a small upturn in this market shortly.