#1
Foistware takes on a new pervasiveness..
http://blogs.zdnet.com/security/?p=3828

Bad enough the foisted copy of Norton or McAfee that greets you with a registration demand the first time you use your new computer. This takes the biscuit, though.

LoJack is software burned into the BIOS which is only of any use if you subscribe to the third-party service which sponsored this burn-in, and which (according to researchers) opens your computer to exploits even if you don't. Plus, you can't remove it. At least, not without something like an EEPROM programmer.

From what I've been able to dig up, the BIOS module, if activated, writes several DLLs to the windows\system folder such that they are launched at startup. These phone home to the vendor's site once a day to report the computer's security status. They include a function to remotely wipe the disk on command from the site.

The danger here is that malware could similarly activate the BIOS module, but change the URL it phones home to, giving the intruder the ability to wipe the disk, or other malicious acts. Therefore any computer which has had malware on it is at risk of carrying an exploited copy of this, and even if the malware has been completely removed (or even the hard disk changed!) the compromised BIOS module may still pose a threat.

As for me, I'm just glad I'm using an unaffected model. I think.
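One defensive check that follows from the scenario in this post (an added example, not code from the thread, the linked blog post, or the LoJack vendor): a small Python script that scans an outbound-connection log for processes that contact the same host at roughly 24-hour intervals, then flags any such daily beacon whose destination is not the host the agent is supposed to report to. A firmware agent that has been redirected to a different URL still beacons on its daily schedule, so the regularity itself is the detectable signal. The log format, the machine names, the process name agentsvc.exe and all hostnames are constructed placeholders, not values taken from the real product.

```python
"""Spot daily phone-home beacons whose destination is not the expected vendor host.

Added illustration, not code from the thread or the vendor. The log format,
machine names, process name, hostnames and timestamps are all constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hosts the agent is expected to report to (placeholder name, not a real vendor host).
EXPECTED_HOSTS = {"agent-report.vendor.example"}

# Constructed outbound-connection log, one event per line:
# "<ISO timestamp> <machine> <process> -> <destination host>"
SAMPLE_LOG = """\
2009-02-02T03:15:07 pc-01 agentsvc.exe -> agent-report.vendor.example
2009-02-02T09:41:55 pc-01 firefox.exe -> news.example.net
2009-02-03T03:15:12 pc-01 agentsvc.exe -> agent-report.vendor.example
2009-02-03T03:16:40 pc-02 agentsvc.exe -> status.unknown-host.example
2009-02-04T03:14:58 pc-01 agentsvc.exe -> agent-report.vendor.example
2009-02-04T03:16:51 pc-02 agentsvc.exe -> status.unknown-host.example
2009-02-04T11:02:13 pc-01 firefox.exe -> news.example.net
2009-02-05T03:16:44 pc-02 agentsvc.exe -> status.unknown-host.example
"""


def parse_log(text):
    """Yield (timestamp, machine, process, host) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "->":
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[4]


def find_daily_beacons(text, period=timedelta(hours=24),
                       tolerance=timedelta(minutes=10), min_hits=3):
    """Return {(machine, process, host): count} for connections that recur
    at roughly `period` spacing (within `tolerance`) at least `min_hits` times."""
    seen = defaultdict(list)
    for ts, machine, proc, host in parse_log(text):
        seen[(machine, proc, host)].append(ts)

    beacons = {}
    for key, times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        # Every gap must sit close to the expected period for this to count as a beacon.
        if all(abs(gap - period) <= tolerance for gap in gaps):
            beacons[key] = len(times)
    return beacons


def unexpected_beacons(text):
    """Daily beacons whose destination is not one of the expected vendor hosts.
    These are the candidates for a redirected or hijacked agent."""
    return {key: n for key, n in find_daily_beacons(text).items()
            if key[2] not in EXPECTED_HOSTS}


if __name__ == "__main__":
    for (machine, proc, host), n in unexpected_beacons(SAMPLE_LOG).items():
        print(f"{machine}: {proc} beacons daily to unexpected host {host} ({n} hits)")
```

In the constructed log, pc-01's agent reports to the expected host and is left alone, while pc-02's agent shows the same daily rhythm toward a host that is not on the allowlist and is reported. The tolerance and minimum hit count are tunable; on real telemetry you would widen the window to absorb clock drift and sleep states and run the check over a longer horizon than three days.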
#2
Foistware takes on a new pervasiveness..
Anteaus wrote:
> http://blogs.zdnet.com/security/?p=3828
>
> Bad enough the foisted copy of Norton or McAfee that greets you with a registration demand the first time you use your new computer. This takes the biscuit, though.
>
> LoJack is software burned into the BIOS which is only of any use if you subscribe to the third-party service which sponsored this burn-in, and which (according to researchers) opens your computer to exploits even if you don't. Plus, you can't remove it. At least, not without something like an EEPROM programmer.
>
> From what I've been able to dig up, the BIOS module, if activated, writes several DLLs to the windows\system folder such that they are launched at startup. These phone home to the vendor's site once a day to report the computer's security status. They include a function to remotely wipe the disk on command from the site.
>
> The danger here is that malware could similarly activate the BIOS module, but change the URL it phones home to, giving the intruder the ability to wipe the disk, or other malicious acts. Therefore any computer which has had malware on it is at risk of carrying an exploited copy of this, and even if the malware has been completely removed (or even the hard disk changed!) the compromised BIOS module may still pose a threat.
>
> As for me, I'm just glad I'm using an unaffected model. I think.

Some of this is just what malware could do to you anyway. The novelty is that if your computer is stolen and compromised, even Windows reinstalled from what you describe, this thing will override and still attempt to perform its security function. Spoofing the service's Web site with DNS interference is one approach that comes to mind, but you hope the system also has enough security so that it can distinguish its genuine home site from fake. If relatively few people are using this service to protect their data, then either they're paranoid or their data is very, very valuable. An interesting target for hacking.

However, if "flush" is the only command that can be given from the server to the PC, malicious opportunities are limited. I'm not sure exactly how you'd do it, threaten damage maybe, so I suppose I'd better stay honest. Well, wait. You'd have to hack the server and get the customer list, and maybe wipe some victim hard disks randomly. Then write to other customers and say you'll hack the service /again/ unless they pay ransom on their own data. Well, more like protection money. And so they say something back to you that I won't write and they tighten up their data backup process. Huh. Okay, you hack the web site, steal customer data, /don't/ demonstrate your powers... nope. Same problem, you tell your victims about this, they just make their backups.