Showing posts with label Lenovo. Show all posts
Showing posts with label Lenovo. Show all posts

Tuesday, March 31, 2015

Security: 2015q1 Concerns

Viruses, Worms, Vulnerabilities and Spyware concerns during and just prior 2015 Q1.

  • [2015-03-07] Litecoin-mining code found in BitTorrent app, freeloaders hit the roof
    "μTorrent users are furious after discovering their favorite file-sharing app is quietly bundled with a Litecoin mining program. The alt-coin miner is developed by distributed computing biz Epic Scale, and is bundled in some installations of μTorrent, which is a Windows BitTorrent client. Some peeps are really annoyed that Epic's code is running in the background while they illegally pirate torrent movies and Adobe Creative Suite Linux ISOs, and say they didn't ask for it to be installed."

  • [2015-03-06] FREAKing HELL: All Windows versions vulnerable to SSL snoop
    "Microsoft has confirmed that its implementation of SSL/TLS in all versions of Windows is vulnerable to the FREAK encryption-downgrade attack. This means if you're using the firm's Windows operating system, an attacker on your network can potentially force Internet Explorer and other software using the Windows Secure Channel component to deploy weak encryption over the web. Intercepted HTTPS connections can be easily cracked, revealing sensitive details such as login cookies and banking information, but only if the website or service at the other end is still supporting 1990s-era cryptography (and millions of sites still are)."

  • [2015-03-05] Broadband routers: SOHOpeless and vendors don't care
    "Home and small business router security is terrible. Exploits emerge with depressing regularity, exposing millions of users to criminal activities. Many of the holes are so simple as to be embarrassing. Hard-coded credentials are so common in small home and office routers, comparatively to other tech kit, that only those with tin-foil hats bother to suggest the flaws are deliberate."
  • [2015-03-05] Obama criticises China's mandatory backdoor tech import rules
    "US prez Barack ‪Obama has criticised China's new tech rules‬, urging the country to reverse the policy if it wants a business-as-usual situation with the US to continue. As previously reported, proposed new regulations from the Chinese government would require technology firms to create backdoors and provide source code to the Chinese government before technology sales within China would be authorised. China is also asking that tech companies adopt Chinese encryption algorithms and disclose elements of their intellectual property."
  • [2015-03-05] Sales up at NSA SIM hack scandal biz Gemalto
    "Sales at the world's biggest SIM card maker, Gemalto, which was last month revealed to have been hacked by the NSA and GCHQ, rose by five per cent to €2.5bn (£1.8bn) in 2014. Following the hack, the company's share price fell by $470m last month. In February, it was revealed that the NSA and Britain's GCHQ had hacked the company to harvest the encryption keys, according to documents leaked by former NSA sysadmin, whistleblower Edward Snowden."

  • [2015-02-24] SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog
    "Essentially, Comodo's firewall and antivirus package Internet Security 2014, installs a tool called PrivDog by default. Some versions of this tool intercept encrypted HTTPS traffic to force ads into webpages. PrivDog, like the Lenovo-embarrassing Superfish, does this using a man-in-the-middle attack: it installs a custom root CA certificate on the Windows PC, and then intercepts connections to websites. Web browsers are fooled into thinking they are talking to legit websites, such as online banks and secure webmail, when in fact they are being tampered with by PrivDog so it can inject adverts. If that's not bad enough, PrivDog turns invalid HTTPS certificates on the web into valid ones: an attacker on your network can point your computer at an evil password-stealing website dressed up as your online bank, and you'd be none the wiser thanks to PrivDog."
  • [2015-02-23] Psst, hackers. Just go for the known vulnerabilities
    "Every one of the top ten vulnerabilities exploited in 2014 took advantage of code written years or even decades ago, according to HP, which recorded an increase in the level of mobile malware detected. “Many of the biggest security risks are issues we’ve known about for decades, leaving organisations unnecessarily exposed,” said Art Gilliland, senior vice president and general manager, Enterprise Security Products, HP. “We can’t lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology; rather, organisations must employ fundamental security tactics to address known vulnerabilities and in turn, eliminate significant amounts of risk," he added."

[Chinese Virus Image, courtesy WatchChinaTimes.com]
  • [2015-02-20] So long, Lenovo, and no thanks for all the super-creepy Superfish
    "Chinese PC maker Lenovo has published instructions on how to scrape off the Superfish adware it installed on its laptops – but still bizarrely insists it has done nothing wrong. That's despite rating the severity of the deliberate infection as "high" on its own website. Well played, Lenonope. Superfish was bundled on new Lenovo Windows laptops with a root CA certificate so it could intercept even HTTPS-protected websites visited by the user and inject ads into the pages. Removing the Superfish badware will leave behind the root certificate – allowing miscreants to lure Lenovo owners to websites masquerading as online banks, webmail and other legit sites, and steal passwords in man-in-the-middle attacks."

  • [2015-02-15] Mozilla's Flash-killer 'Shumway' appears in Firefox nightlies
    "Open source SWF player promises alternative to Adobe's endless security horror. In November 2012 the Mozilla Foundation announced “Project Shumway”, an effort to create a “web-native runtime implementation of the SWF file format.” Two-and-a-bit years, and a colossal number of Flash bugs later, Shumway has achieved an important milestone by appearing in a Firefox nightly, a step that suggests it's getting closer to inclusion in the browser. Shumway's been available as a plugin for some time, and appears entirely capable of handling the SWF files."

  • [2015-01-29] What do China, FBI and UK have in common? All three want backdoors...
    "The Chinese government wants backdoors added to all technology imported into the Middle Kingdom as well as all its source code handed over. Suppliers of hardware and software must also submit to invasive audits, the New York Times reports. The new requirements, detailed in a 22-page document approved late last year, are ostensibly intended to strengthen the cybersecurity of critical Chinese industries. Ironically, backdoors are slammed by computer security experts because the access points are ideal for hackers to exploit as well as g-men."
     
  • [2015-01-15] Console hacker DDoS bot runs on lame home routers
    "Console DDoSers Lizard Squad are using insecure home routers for a paid service that floods target networks, researchers say. The service crawls the web looking for home and commercial routers secured using lousy default credentials that could easily be brute-forced and then added to its growing botnet. Researchers close to a police investigation into Lizard Squad shared details of the attacks with cybercrime reporter Brian Krebs. The attacks used what was described as a 'crude' spin-off of a Linux trojan identified in November that would spread from one router to another, and potentially to embedded devices that accept inbound telnet connections. High-capacity university routers were also compromised in the botnet which according to the service boasted having run 17,439 DDoS attacks or boots at the time of writing."
  • [2014-12-14] CoolReaper pre-installed malware creates backdoor on Chinese Androids
    "Security researchers have discovered a backdoor in Android devices sold by Coolpad, a Chinese smartphone manufacturer. The “CoolReaper” vuln has exposed over 10 million users to potential malicious activity. Palo Alto Networks reckons the malware was “installed and maintained by Coolpad despite objections from customers”. It's common for device manufacturers to install software on top of Google’s Android mobile operating system to provide additional functionality or to customise Android devices. Some mobile carriers install applications that gather data on device performance. But CoolReaper operates well beyond the collection of basic usage data, acting as a true backdoor into Coolpad devices - according to Palo Alto.CoolReaper has been identified on 24 phone models sold by Coolpad."

  • [2014-11-24] Regin: The super-spyware the security industry has been silent about
    "A public autopsy of sophisticated intelligence-gathering spyware Regin is causing waves today in the computer security world... On Sunday, Symantec published a detailed dissection of the Regin malware, and it looks to be one of the most advanced pieces of spyware code yet found. The software targets Windows PCs, and a zero-day vulnerability said to be in Yahoo! Messenger, before burrowing into the kernel layer. It hides itself in own private area on hard disks, has its own virtual filesystem, and encrypts and morphs itself multiple times to evade detection. It uses a toolkit of payloads to eavesdrop on the administration of mobile phone masts, intercept network traffic, pore over emails, and so on... Kaspersky's report on Regin today shows it has the ability to infiltrate GSM phone networks. The malware can receive commands over a cell network, which is unusual."




Posted by at 1 comment:
Labels: , , , , , , , , , , , , , , , , , , ,

Thursday, April 17, 2014

Hardware: American Sell-Off with IBM and Google

[IBM Logo, courtesy IBM]

Abstract:
As the misguided U.S. economy continues to run up massive debt and continue massive trade deficit, the sell-off of U.S. High Technology assets continues to non-U.S. companies, fat with outsourcing cash. Lenovo, a Chinese company, continues their purchases in the United States of inventors of technologyu.
[Chinese glorifying revolution, courtesy, The Telegraph]
Chinese Lenovo Purchasing U.S. Hard Technology

Chinese global company Lenovo has been purchasing their way into the U.S. market through many technologies essentially invented in the United States. IBM seems to be the most significant seller.

[IBM PC, courtesy Wikipedia]
  • 2005-05-01 - PC Division acquired from IBM (PC's and ThinkPad Laptops)
    Chinese computer maker Lenovo has completed its $1.75 billion purchase of IBM’s personal computer division, creating the world’s third-largest PC maker, the company said Sunday. The deal — one of the biggest foreign acquisitions ever by a Chinese company
    [IBM Thinkpad, courtesy tecqcom]
  • 2006-04-10 - Lenovo makes break with the IBM brand (on PC's, not ThinkPad Laptops)
    Since Lenovo took over the IBM personal computer business on May 1, 2005, the company's advertising and marketing efforts have excluded IBM almost entirely. The four television spots that Lenovo ran during the Turin Winter Olympics, for example, never mentioned IBM at all. In fact, the only connection to the iconic brand is the IBM logo, which still adorns Lenovo's ThinkPad laptops.
  • 2013-01-07 - Lenovo to create ThinkPad-focused business unit to compete at the high end
    Lenovo is reorganizing its operations into two business groups... As part of the restructuring, it will create two new divisions, Lenovo Business Group and Think Business Group.The reorganization, which will be completed on April 1 [2013]
    [IBM Servers, courtesy Wikipedia]
  • 2014-01-23- Lenovo to buy IBM's x86 server business for $2.3bn (PC Servers)
    Lenovo and IBM announced on Thursday they have signed a definitive agreement that will see the Chinese hardware giant acquire the IBM's x86 server business for the tidy sum of $2.3bn, with approximately $2bn to be paid in cash and the balance in Lenovo stock.
    Adding to the PC business Lenovo acquired from IBM in 2005, Lenovo will take charge of IBM's System x, BladeCenter and Flex System blade servers and switches, x86-based Flex integrated systems, NeXtScale and iDataPlex servers and associated software, blade networking and maintenance operations.
    [Motorola Droid RAZR, courtesy Wikipedia]
  • 2014-01-29 - Motorola Cellphone Company acquired from Google (by Lenovo)
    Lenovo has signed a deal to buy the loss-making Motorola Mobility smartphone manufacturer for $2.91bn, but a switched-on Google is keeping the patents owned by the firm it gobbled two years ago for $12.5bn.
    "The acquisition of such an iconic brand, innovative product portfolio and incredibly talented global team will immediately make Lenovo a strong global competitor in smartphones," said Lenovo's CEO Yang Yuanqing. "We will immediately have the opportunity to become a strong global player in the fast-growing mobile space."
  • 2014-01-29 -  Lenovo splits into 4 groups after buying IBM's server business
    A few days after announcing its plan to buy IBM’s x86 server business, the Chinese company is dividing its operations into four business groups... enterprise products... developing a software ecosystem...PCs and mobile products. The changes go into effect on April 1 [2014]
Clearly, Lenovo has a vision for the U.S. Market and is executing upon it. How unfortunate that American companies such as IBM and Google see little value or possibility in domestic hardware innovation, moving into the future.
[HP Logo, courtesy eWeek]
Impacts in the U.S. Market

There is a great deal of uncertainty felt by partners and customers of IBM through such acquisitions. Previous attempts to leverage the IBM logo to help assure customers was performed, but with the latest purchase - competitors such as HP are seeing the a lot of noise.
  • 2014-04-11 - HP: Lenovo's buy of IBM x86 biz is bad, bad, bad...
    "Customers and partners are concerned. They are concerned about what the future will be for them – not only in the product but also in support and services," claimed the exec veep and GM of the Enterprise Group.
    HP has an internal migration programme to support customers with IBM servers as they decide to make the switch, he pointed out.
    But providing maintenance support is something that HP and other vendors already offer on third-party kit as standard.
HP was tried to consolidate all of their computing systems under Intel Itanium, before trying to shut them all down. HP also tried to sell off their PC business, but relented, possibly due to customer pressure. How conservative customers who would only buy IBM will respond in the U.S. to their favorite manufacturer leaving the industry may not be a difficult conclusion to reach, especially from companies like HP.
It
Concluding Thoughts:
The massive technology bleed from the United States is partially due to commoditization, but also due to the migration to Cloud and Appliances and value provided by Intel computing vendors becoming less significant with Intel shipping entire motherboards bundling CPU, Floating Point, Memory Management Units, Ethernet, and most recently Video. Cell phones appear to be drastically simplifying, as well. Perhaps there was nothing of value left for Intel or cell phone based manufacturers to do? Can Apple buck the trend?


Posted by at No comments:
Labels: , , , , , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)