Úvodní stránka » Nezařazené » Lenovo Ideapad y550a Battery all-laptopbattery.com

Lenovo Ideapad y550a Battery all-laptopbattery.com

The WPBT is stored in the firmware, and tells Windows where in memory it can find an executable called a platform binary to run. Said executable will take care of the job of installing files before the operating system starts."During operating system initialization, Windows will read the WPBT to obtain the physical memory location of the platform binary," Microsoft’s documentation states."The binary is required to be a native, user-mode application that is executed by the Windows Session Manager during operating system initialization. Windows will write the flat image to disk, and the Session Manager will launch the process."The primary purpose of WPBT is to allow critical software to persist even when the operating system has changed or been reinstalled in a “clean” configuration … Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions are as secure as possible and do not expose Windows users to exploitable conditions.
Oh dear. Secure as possible? Not in this case: security researcher Roel Schouwenberg found and reported a buffer-overflow vulnerability in the LSE that can be exploited to gain administrator-level privileges.

After Lenovo learned of this bug in April, it dawned on the company that its LSE was falling foul of Microsoft’s security guidelines for using the powerful WPBT feature. Two months later, in June, it pulled the whole thing: the LSE software is no longer included in new laptops.Lenovo has also pulled the LSE from new desktop machines. Incredibly, Lenovo was shipping desktop PCs that feature the LSE in their firmware. These models phone home system data, but do not install any extra software, and do not suffer from the aforementioned privilege-escalation vulnerability. The PC maker’s laptops definitely do, however.Owners of LSE-afflicted computers urged to update their firmware
A tool quietly released on July 31 will uninstall the engine if it is present in your machine: it is available here for notebooks, and available here for desktops.On Tuesday this week, Lenovo published a full list of affected desktop and notebook models. Desktop machines built between October 23, 2014 and April 10, 2015, with Windows 8 preinstalled, have the LSE inside them."Lenovo Service Engine (LSE) is a utility in the BIOS that helps users download a program called OneKey Optimizer on certain Lenovo Notebook systems. The utility also sends non-personally identifiable system data to Lenovo servers," the Chinese goliath explained. "Lenovo, Microsoft and an independent researcher have discovered possible ways this program could be exploited by an attacker, including a buffer overflow attack and an attempted connection to a Lenovo test server."

LSE uses the Microsoft Windows Platform Binary Table (WPBT) capability. Microsoft has recently released updated security guidelines on how to best implement this feature. Lenovo’s use of LSE was not consistent with these guidelines and Lenovo recommends customers disable this utility by running a disabler program that disables LSE and removes the LSE files from the system.The LSE functionality has been removed from newly manufactured systems.Without this climbdown, it would have been virtually impossible for users to remove the rootkit-like engine from the firmware. El Reg hopes other manufacturers aren’t doing the same with the WPBT.Suffice to say, netizens who have discovered this creepy code on their machines are not happy."I had this happen to me a few weeks ago, on a new Lenovo laptop, doing a clean install with a new SSD, Windows 8 DVD and Wi-Fi turned off," a Hacker News user called chuckup said on Tuesday, on noticing Lenovo’s bundleware suddenly appearing on his or her new computer.

"I couldn’t understand how a Lenovo service was installed and running. Delete the file and it reappears on reboot. I’ve never seen anything like this before. Something to think about before buying Lenovo."What is worrying is that all of this is pretty much what Microsoft intended. Its WPBT is engineered to allow manufacturers to painlessly inject drivers and programs into the operating system. It’s supposed to be used for things like anti-theft tools, so a system can be disabled via the internet if it’s stolen.But it also turns rootkit development and installation into a painting-by-the-numbers exercise. Lenovo got caught because its engine had crap security. And it sounds as though Microsoft pressured Lenovo to kill it."Richard Stallman is sounding less and less crazy with discoveries like this," noted another Hacker News poster, referring to the Free Software Foundation supremo who has warned for decades that we’re losing control of our computers."To think a manufacturer would essentially rootkit their own machines is testament to how bad things have become."This comes on the back of Lenovo’s Superfish scandal, in which the PC maker shipped laptops with adware on them that opened up people to man-in-the-middle eavesdropping. Miscreants could exploit the bundled crapware to snoop on victims’ encrypted connections to websites.

We’ve asked Microsoft to explain the thinking behind its WPBT feature. The Redmond giant was not available for immediate comment. A report published today by British privacy rights group Big Brother Watch (BBW) says the scale of private data being leaked is so great that those responsible should be jailed.Between April 2011 and April 2014, local councils experienced around four data breaches a day – a total of 4,236 instances – according to figures compiled by BBW.In the three years covered by the report (PDF), more than 400 devices, including 180 mobile phones, computers, tablets and USBs, were lost or stolen. In a further 600 cases information was inappropriately shared.BBW is annoyed that just one person has faced criminal sanctions, despite the huge number of breaches. Fifty were dismissed and another 39 resigned, but BBW says this does not go far enough, particularly as children’s information was involved in 658 occasions.

“Current penalties for serious data breaches do not deter individuals who are seriously considering breaking the law,” says the report, adding that “where a serious breach is uncovered the individual should be given a criminal record” to prevent them moving to a new organisation and doing the same thing again.With “human error” being the main reason behind the vast number of breaches, BBW says data protection training should be mandatory for members of staff with access to personal information as well as mandatory reporting rules for breaches that concern members of the public.Cheshire East: Inappropriate use of CCTV. A CCTV operator watched part of the wedding of a member of the CCTV team. They were issued with a “Management instruction” on future use of equipment.Lewisham Council: A social worker accidentally left a bundle of papers on the train. The bundle included personal and sensitive data relating to 10 children, including: names, addresses, date of birth, and third party information in relation to sex offenders, police reports and child protection reports. The individual involved resigned during disciplinary procedures.Aberdeenshire City Council: An unencrypted laptop containing the details of 200 schoolchildren was stolen. The laptop was later recovered. No disciplinary action was taken but the matter was reported to the Information Commissioner’s Office.

“Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them. A number of examples show shockingly lax attitudes to protecting confidential information. For so many children and young people to have had their personal information compromised is deeply disturbing. Until we see these policies implemented, the public will simply not be able to trust local councils with their data,” said BBW privacy campaign director, Emma Carr. Black Hat In-Depth A design flaw in Intel’s processors can be exploited to install malware beneath operating systems and antivirus – making it tough to detect and remove."It’s a forgotten patch to a forgotten problem, but opens up an incredible vulnerability," said Christopher Domas, a security researcher with the Battelle Memorial Institute, who revealed the hardware bug at the Black Hat conference in Vegas last week.

The blunder was introduced in 1995, in the Pentium Pro. It is hardwired into the silicon, and has been staring kernel-level programmers in the face for years.It allows smart hackers to run rootkit code at the very lowest level on the computer, out of reach of the operating system, its applications, and even the hypervisor. This means the rootkit can, among other things, silently monitor and record the user’s every keypress, mouse click, and download.Efforts to detect the rootkit and eradicate it from a computer can be blocked, or hampered, by the malware itself. A nightmare, in other words.The good news is that Intel spotted the howler in its processor blueprints, and corrected the issue: chips built from January 2011 and onwards (Sandy Bridge Core CPUs and later) are not affected. Also, operating systems can mitigate against the security hole at the hypervisor level, thus protecting themselves from miscreants exploiting the design flaw, according to infosec boffin Jacob Torrey.

Domas reckons there are hundreds of millions of Intel processors permanently vulnerable – they cannot be updated to fix the problem.A trusty Linux box from the previous decade that’s still plodding away, an office of old PCs, or a relative’s aging laptop, are the sorts of computers at risk of attack via this vulnerability. Your fancy new gaming rig, your virtual machine in the cloud or on your workstation, and that office PC bought two years ago in the last refresh, are immune.The design flaw is super-interesting. Even though today’s chips do not feature the engineering gaffe, it’s worth studying so lessons can be learned. Essentially, it is possible to execute arbitrary code in the processor’s all-powerful, and normally locked away, System Management Mode by abusing an obscure feature in the CPU, and we’ll explain what that means.
Intel-compatible processors separate software into what’s called rings of privilege, or rings of protection. Lower rings manipulate and control the upper rings, and the upper rings are forbidden from interfering with the lower rings.

Normal applications run in the uppermost unprivileged ring, aka ring 3, and they can’t directly affect the underlying system. Ignore rings 2 and 1; virtually nobody uses them.Your operating system runs in ring 0. Apps in ring 3 cannot directly meddle with the OS and compromise it because the OS is protected in ring 0.Then there’s ring -1, which is where the hypervisor lives, if you’re using one. The hypervisor looks after one or more operating systems that live in ring 0. The hypervisor, being in ring -1, is protected from the operating systems running in ring 0. This stops a guest operating system from taking over the host machine.Finally, under all that, there’s ring -2, which contains Intel’s System Management Mode (SMM) software. This is untouchable from all the other rings, and is loaded from the motherboard firmware before any operating system or hypervisor is started. The SMM works invisible to the other rings. It is like a hidden creepy janitor, doing little background jobs and keeping the hardware ticking over without the other rings realizing.

Napsat komentář