blind_html Fwd: BAH Recent LapTop Purchasers Should Be Sure To ReadThis

  • From: Nimer Jaber <nimerjaber1@xxxxxxxxx>
  • To: blind_html@xxxxxxxxxxxxx
  • Date: Sun, 02 Aug 2009 01:15:30 -0600



-------- Original Message --------
Subject: BAH Recent LapTop Purchasers Should Be Sure To ReadThis
Date: Sat, 1 Aug 2009 20:32:22 -0400
From: Lisa <whitedove621@xxxxxxxxxxxxx>
Reply-To: blindAccessHelp@xxxxxxxxxxxxxxx
To: <blindAccessHelp@xxxxxxxxxxxxxxx>


When you've read this you'll know as much as we do.
LAS VEGAS -
A piece of anti-theft software built into many laptops at the factory opens 
a serious
security hole, according to research presented Thursday.
The "Computrace" software, made by Vancouver-based Absolute Software Corp., 
is part
of a subscription service that's used to find lost or stolen computers. Many 
people
don't know it's on their machines, but it's included in computers from the 
biggest
PC makers.
The software is built into computers at the factory because that embeds it 
so deeply
that even the extreme act of uninstalling the operating software won't 
delete it.
The software is included in a part of the computer known as the BIOS, which 
refers
to programs used to boot the computer.
The service Absolute sells can be valuable because sensitive data can be 
purged remotely
from a stolen machine. The computer is still able to reach out to a 
specially designated
Web site for instructions even if a criminal is tampering with the machine.
But research by Alfredo Ortega and Anibal Sacco with Boston-based Core 
Security Technologies,
and presented Thursday at the Black Hat security conference here, shows it 
can cut
two ways.
If a criminal has infected a computer that has the Computrace technology, he 
can
take deep control of a machine.
That's because he's able to modify the computer's settings to maintain a 
connection
with that machine even if the operating software is uninstalled then 
reinstalled
— an extreme way, but sometimes the only way, to make sure a computer is 
cleaned
of viruses.
"You have something that's pre-installed, and considered non-malicious, that 
you
can manipulate and turn into a malicious program — that's pretty unique," 
said Ivan
Arce, Core Security's chief technology officer.
Arce said Absolute can fix the problem with an update to the software that 
is then
pushed out to affected computers. He added that users can disable the 
software's
ability to be a problem on their own, too. It takes some technical know-how, 
though.
"It's not hard to block once you know what to look for," Arce said.
Absolute spokesman Craig Clark said the company would comment after Core's 
presentation
Thursday, but then did not make anyone available. He said Absolute's 
technical team
"needs to understand the concerns Core has raised before they can speak to 
it accurately."
Roel Schouwenberg, a senior antivirus researcher with Kaspersky Lab, said 
the vulnerabilities
Core Security found could be a "pretty big challenge for the security 
community"
if they're exploited. But he added that the special access a hacker can get 
is undermined
somewhat by the fact malicious programs they try to download still have to 
come into
the computer the same way they always do, and can be protected against.
Any files that download "will not be stealth, they will not be hiding, they 
will
be visible on the system," Schouwenberg said. "Anti-malware (software) will 
be able
to scan them. It could have been a whole lot worse."


__________ Information from ESET NOD32 Antivirus, version of virus signature database 4297 (20090801) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com





------------------------------------

Blind Access Help...The blind leading the blind towards successful lives and careers.

List owner Jimmy.
Co Owner, Nimber.
Moderators, Inthane, Silvia and Cory.
http://groups.yahoo.com/group/blindaccesshelp

If you have any questions or have problems with the list, please email the management at
blindaccesshelp-owner@xxxxxxxxxxxxxxx


Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/blindAccessHelp/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/blindAccessHelp/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:blindAccessHelp-digest@xxxxxxxxxxxxxxx 
    mailto:blindAccessHelp-fullfeatured@xxxxxxxxxxxxxxx

<*> To unsubscribe from this group, send an email to:
    blindAccessHelp-unsubscribe@xxxxxxxxxxxxxxx

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

blind_html To unsubscribe, please send a blank email to blind_html-request@xxxxxxxxxxxxx with unsubscribe in the subject line. To access the archives, please visit: http://www.freelists.org/archive/blind_html Thanks

Other related posts:

  • » blind_html Fwd: BAH Recent LapTop Purchasers Should Be Sure To ReadThis - Nimer Jaber