Jump to content

Search the Community

Showing results for tags 'firm'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. HARDWARE FIRM Lenovo has been accused of offering its customers another free bonus security threat just weeks after the Superfish scandal. The firm has already fixed the problem, but the news, and its description as another "massive security risk", isn't good. Superfish was a scandal for the firm and affected a lot of its hardware. Lenovo disabled the software and took any associated financial losses on the chin. Ultimately, the firm said that it had failed its customers. "We recognise that the software did not meet that goal and have acted quickly and decisively. We are providing support on our forums for any user with concerns," Lenovo said at the time. "Our goal is to find technologies that best serve users. In this case, we have responded quickly to negative feedback and taken decisive actions to ensure that we address these concerns." Today we asked the firm to comment on the findings of IOActive Lab researchers who accused it of major vulnerabilities and a system that enables the creation and exploitation of fake credentials and the handing over of system control. IOActive Lab said in a security report (PDF) that the problem has been fixed, but that it had granted attackers the same kind of access as a system update, and allowed for the execution of code. Attackers could exploit an flaw in Lenovo's certificate authority methods, and use it to sign off their own executables which could have a range of capabilities. "Local and potentially remote attackers can bypass signature validation checks and replace trusted Lenovo applications with malicious applications," said the advisory. "These applications will then be run as a privileged user. The System Update downloads executables from the internet and runs them. "Remote attackers who can perform a man-in-the-middle attack can exploit this to swap Lenovo's executables with a malicious executable. "The System Update uses TLS/SSL to secure its communications with the update server, which should protect against [such] attacks. "In a statement Lenovo told the INQUIRER that it worked with the security firm after it was notified and patched the problem in April. It added that it appreciates the assistance, explaining that its update fixed all issues. "Lenovo's development and security teams worked directly with IOActive regarding their System Update vulnerability findings, and we value their expertise in identifying and responsibly reporting them," it said. "Lenovo released an updated version of System Update which resolves these vulnerabilities and subsequently published a security advisory in coordination with IOActive. Lenovo recommends that all users update System Update to eliminate the vulnerabilities reported by IOActive." Source
×
×
  • Create New...