
On Thu, 13 Aug 2015 02:11:19 PM Andrew McGlashan wrote:
You screw up that bad and you don't deserve to get a second chance. And it was a mighty big screw up indeed.
Lenovo screwed up again, this time, even worse! Seems they are another Sony in root kit territory, but much worse because they are working at the BIOS level to compromise computers now.
http://www.itnews.com.au/News/407868,lenovo-rootkit-loaded-bloatware-onto-clean-windows-installs.aspx

This is really bad, here are some of my thoughts about it:

http://www.ucs.cam.ac.uk/support/unix-support/misc/horror

# the BIOS on a Lenovo computer would check a file to see if it was from the PC
# manufacturer or Microsoft - if the latter, it would be deleted and replaced
# by a Lenovo one

Firstly this has a lot of potential for things to go wrong. Any case where files are automatically deleted or overwritten has potential for a bad result. The Unix Horror Stories (see above URL) has an anecdote about a script to automatically delete files named "core", so it's not as if automatic deletion is a new problem that people can be reasonably unaware of.

Also replacing a Windows file from MS has potential for bad things to go wrong when there's a routine Windows patch that depends on the MS version of that file. I can imagine "patch Tuesday" causing all Lenovo systems running Windows to fail at once...

Another concern is when the NTFS filesystem format changes. MS reserves the right to make changes to their filesystem at will. For a long time the Linux NTFS code refused to mount NTFS read-write and many people still try to avoid such things due to the risk of dealing with reverse engineered filesystem code. Even if the BIOS was doing something useful I wouldn't want it messing with a filesystem on any computer I ran.

# System data was also sent to Lenovo by the rootkit. This included the system
# unique identifier, type and model, the region it was set to, and the date.
# Lenovo said no personally identifiable information was gathered.

This is incorrect. There has been a lot of research on ways of recovering PII from summary data such as phone call records, both theoretical attacks (by people who want less data to be stored) and practical attacks by law enforcement and military organisations.

It wouldn't be difficult to intercept those system IDs from a conference like LCA, combine that with the delegates list and then work out who has which Thinkpad when people use them at home.

# The fact that the program in question is vulnerable to buffer overflow attacks
# makes it even more of a problem.
#
# The PC maker used a Microsoft feature called Windows Platform Binary Table
# (WPBT) to run the program that downloaded its software.
#
# This is a permanent table used by the Advanced Configuration and Power
# Interface management system in PCs, and provides an address to an executable
# file copied to physical memory from firmware, which in turn can be run by
# Windows.

I presume that Linux won't just run programs on request of the BIOS so this particular attack won't be a problem. But the case of a BIOS that runs the OS in a VM with a corrupt environment or interferes with the boot loader code to compromise the kernel is still going to be a potential issue.

Now the question is what vendor do I use for my next laptop? I think that Lenovo has demonstrated that they can't be trusted.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
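As an added example (not part of the original post or of any Lenovo or Microsoft code): a Python script that checks whether the firmware on a Linux machine publishes a WPBT at all, and if so parses the table to show the physical address and size of the binary the firmware wants Windows to run. It assumes the standard sysfs layout where Linux exposes raw ACPI tables under /sys/firmware/acpi/tables/ by signature, and takes the WPBT body layout from Microsoft's published WPBT specification; the sample table it builds is constructed for offline testing, not captured from a real machine.

```python
"""Detect and parse a Windows Platform Binary Table (WPBT) published by firmware."""
import os
import struct

# Assumption: standard Linux sysfs path for raw ACPI tables, one file per signature.
SYSFS_WPBT = "/sys/firmware/acpi/tables/WPBT"

# Standard 36-byte ACPI table header: signature, length, revision, checksum,
# OEM ID, OEM table ID, OEM revision, creator ID, creator revision.
ACPI_HDR = struct.Struct("<4sIBB6s8sI4sI")
# WPBT body (per Microsoft's WPBT spec): handoff size (u32), physical address of
# the binary (u64), layout (u8, 1 = single PE image), type (u8, 1 = native
# user-mode app), command-line length in bytes (u16), then UTF-16LE command line.
WPBT_BODY = struct.Struct("<IQBBH")


def checksum_ok(blob: bytes) -> bool:
    """An ACPI table is valid when all of its bytes sum to 0 mod 256."""
    return sum(blob) % 256 == 0


def parse_wpbt(blob: bytes) -> dict:
    """Return the fields that matter to a defender: where the binary lives and what it is."""
    sig, length, rev, _csum, oemid, _tid, _, _, _ = ACPI_HDR.unpack_from(blob, 0)
    if sig != b"WPBT":
        raise ValueError(f"not a WPBT table: {sig!r}")
    if length != len(blob):
        raise ValueError("ACPI length field does not match table size")
    size, addr, layout, btype, cmdlen = WPBT_BODY.unpack_from(blob, ACPI_HDR.size)
    off = ACPI_HDR.size + WPBT_BODY.size
    cmdline = blob[off:off + cmdlen].decode("utf-16-le").rstrip("\x00")
    return {"oem_id": oemid.strip(b"\x00 ").decode(), "revision": rev,
            "binary_size": size, "binary_addr": addr, "layout": layout,
            "type": btype, "cmdline": cmdline, "checksum_ok": checksum_ok(blob)}


def build_sample_wpbt(cmdline: str = "") -> bytes:
    """Constructed sample table (OEM 'EXAMPL', address 0x7f000000) for offline testing."""
    args = cmdline.encode("utf-16-le")
    body = WPBT_BODY.pack(0x2000, 0x7f00_0000, 1, 1, len(args)) + args
    hdr = ACPI_HDR.pack(b"WPBT", ACPI_HDR.size + len(body), 1, 0,
                        b"EXAMPL", b"SAMPLE  ", 1, b"TEST", 1)
    blob = hdr + body
    fix = (-sum(blob)) % 256  # checksum byte (offset 9) makes the whole table sum to 0
    return blob[:9] + bytes([fix]) + blob[10:]


def check_system(path: str = SYSFS_WPBT):
    """Parsed WPBT if the firmware publishes one, else None (nothing for Windows to run)."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as f:
        return parse_wpbt(f.read())


if __name__ == "__main__":
    found = check_system()
    print("WPBT present:", found if found else "no (firmware publishes no platform binary)")
```

On a system where the file exists, the reported address and size identify the firmware-supplied executable that Windows would copy and run at boot; Linux itself does not act on the table, but its presence is the thing to look for when auditing a machine.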