| insecure BIOS 'rootkit' pre-loaded in laptops Check this out. Unnerving to say the least...
Researchers find insecure BIOS 'rootkit' pre-loaded in laptops (ZDNet)
»blogs.zdnet.com/security/?p=3828&tag=nl.e539
--
If I can only find my keys... |
|
|
|
2 edits | Nice to know the newer Laptops are coming standard with Low-Jack, and that they will phone home, and give Companies/Government the option to alter your system without your knowledge.
So anyone who buys one of the following will possibly have the Low-Jack backdoor:
# OEM Partners
* ASUS
* Dell
* Fujitsu
* GammaTech
* Gateway
* GD Itronix
* Getac
* HP
* Lenovo
* Motion
* Panasonic
* Toshiba |
|
OZOPremium
join:2003-01-17
kudos:2 | reply to aussiedog
quote:
Computrace LoJack for Laptops ... is a software agent that lives in the BIOS and periodically calls home to a central authority for instructions...
... it has to be stealthy, must have complete control of the system and must be highly-persistent to survive a hard disk wipe or operating system reinstall.
Isn't that a definition of a trojan/rootkit?
I always wonder why so many people have a big desire to be slaved and put an ID tag into everything, including their foreheads?
--
Keep it simple, it'll become complex by itself... |
|
SUMwarePremium
join:2002-05-21
kudos:2 | reply to aussiedog
· View the research paper (pdf)
· How to remove Computrace Lojack |
|
| Thanks for the further information, SUMware.
--
If I can only find my keys... |
|
SUMwarePremium
join:2002-05-21
kudos:2 | You're welcome. Hope that you find the info helpful. |
|
| reply to aussiedog
Seems innocent enough, at first, and if big bro wasn't big bro, then maybe it could be a useful function. But unfortunately We've allowed successive taxpayers representatives to make law after law, continually eroding our liberties and privacy etc for far too long.
Thanks for the heads up, and the removal links everyone. |
|
 JohnInSJPremium
join:2003-09-22
San Jose, CA
 ·PHONE POWER
 ·Comcast
| reply to aussiedog
Seems like its integrated into windows... I assume it does nothing if you're running Linux?
Yet another reason, as if you needed another, to avoid Windows.
--
My place : »www.schettino.us |
|
| reply to aussiedog
Here's a link to Absolute Software's response to the Ortega/Sacco study.
»www.absolute.com/company/pressro···es_claim
And another thread on the subject here (DSLR):
»Anti-theft software could create security hole
--
If I can only find my keys... |
|
JohnInSJPremium
join:2003-09-22
San Jose, CA | So, they're saying its not actually possible on shipping systems and its not a rootkit.
Yep. Sounds more likely.
--
My place : »www.schettino.us |
|
SUMwarePremium
join:2002-05-21
kudos:2
4 edits | reply to aussiedog
said by Absolute Software :
In the event of theft, contact us. The next time your computer connects to the internet, our Theft Recovery Team will forensically mine your computer using a variety of procedures including key captures, registry scanning, file scanning, geolocation, and other investigative techniques to determine who has your computer and what they're doing with it.
[some emphasis added]
Absolute Software Overview (pdf) quote:
The Computrace® Agent by Absolute Software is a small software client that is embedded into the firmware of a computer at the factory. Through our strong relationships with computer manufacturers, most computers roll off the assembly line with our Agent already embedded. Or it can be easily installed with a simple download. Once activated, the Agent maintains daily contact with the Absolute Monitoring Center. This daily contact allows IT asset managers to manage their IT assets (on or off company networks). By logging into the Absolute Customer Center they can monitor their devices, knowing where they are, who’s using them, and what types of software and other applications reside on them. If a computer is reported stolen, the Computrace Agent silently transmits data back to the Absolute Monitoring Center.
Regardless of recovery status, our customers can remotely delete data to remove some or all of the information stored on a computer so that it doesn’t fall into the wrong hands. This allows our business subscribers to comply with government and corporate regulations regarding business and customer data. The audit reports generated after a data delete command provides them with proof of their compliance. For individual subscribers, data delete allows them to protect their privacy by keeping banking information, photos and other private information out of the hands of thieves.
Delete data on missing computers and produce an audit log of the deleted files to prove compliance with government and corporate regulations. Set alerts to be notified if noncompliance activities occur, including initiating a process to wipe a device clean if pre-set criteria is met.
Use GPS or Wi-Fi technology to track assets on a Google map. See current and historical locations within about 33 feet.
[some emphasis added]
BIOS Compatibility Makes & Models
»www.absolute.com/company/pressro···es_claim
quote:
If a valid Computrace installation is removed or damaged the persistent BIOS module will self-heal and restore the software and administrator's settings.
|
|
OZOPremium
join:2003-01-17
kudos:2 | Thanks, SUMware  . Good to know that:
This daily contact allows IT asset managers to manage their IT assets (on or off company networks). By logging into the Absolute Customer Center they can monitor their devices, knowing where they are, who’s using them, and what types of software and other applications reside on them. And it includes key captures, file scanning and other activities...
Regardless of recovery status, our customers can remotely delete data to remove some or all of the information stored on a computer Does the service include setting up a fire on stolen computer? Or it will be implemented in next release?
Use GPS or Wi-Fi technology to track assets on a Google map. See current and historical locations within about 33 feet. And who supposed to believe that BS? The naive buyer, who deliberately wants to buy a computer with embedded rootkit?
--
Keep it simple, it'll become complex by itself... |
|
