Showing posts with label Lenovo. Show all posts

Healthy Paranoia

May 31, 2006
More developments on the US-China Commission's decision not to use Chinese manufactured PCs on the SIRPnet follow, an event I covered in a previous post "Espionage Ghosts Busters". The oficially stated attack vector, namely that "..a significant portion" of Lenovo is owned by the Chinese Academy of Sciences, an arm of the Chinese government." is nothing more than a healthy paranoia to me, one reaching to the skies on certain occassions, of course. Just came across to an article summarizing some recent events :

"The U.S. State Department recently declared that due to national security concerns, it would restrict use of the 16,000 computers it purchased to nonclassified work. It had originally planned to use 900 of the machines on a network connecting U.S. embassies. Lenovo’s goal of becoming the “Sony of China” could be impeded by worries over its machines’ security, blocking its strategy to move out of its Asia stronghold and into the West by courting North American computer users and possibly listing on U.S. stock markets. That realization sparked outcry from officials of both the Chinese government and the computer company."

However, today's monocultural reality, and favorable trend towards diversity will have greater impact on the (in) security of the PCs. Moreover, the "manufactured in China" reality is a commonly shared myth, one that keeps getting debunked as well :

"Almost any PC you can name has Chinese content,” said Roger Kay, president of the research firm Endpoint Technologies Associates. He pointed to Intel semiconductors and Seagate hard drives made in China. He also noted that 80 percent of notebooks sold worldwide are manufactured in China."

Even if Lenovo dared to implement hardware backdoors, or ship the PCs rootkit ready, it could have successfully ruined its business future -- insider pressure is always an option, but what do you got besides speculation? Don't unload China Communist Party's load on this recently separated from IBM devision, they aren't in the most favorable position, still remain among the top players on the PC market, right next to the efficiency machine Dell, which as a matter of fact recently completed its second high-tech factory in China.

Healthy paranoia, or the George Orwell inside you? Comic page text generated at Gaxed.com Continue reading →

Espionage Ghosts Busters

May 23, 2006
In previous posts, "Insider Competition in the Defense Industry", and "The anti virus industry's panacea - a virus recovery button" , I gave examples of insider trading, of malware infecting border-screening computers, or the plain truth on how U.S "manufactured" PCs are actually assembled in China these days.



Obviously, plain old paranoia without solid background still dominates as "Representative Frank Wolf (R-VA) has announced that the State Department has agreed not to use 900 computers purchased from Chinese-owned Lenovo on classified computer networks. The US-China Commission, a bipartisan congressional commission, raised concerns when State announced the purchase of 16,000 desktop computers from Lenovo, with 900 to be used on secret networks connected to the Defense Department's classified SIPRnet (Secret Internet Protocol Router Network). State is changing its procurement process to better track changes in vendor ownership that could impact national security."



There's a common myth that a nation's military uses a specially dedicated networks, ones greatly differing from the standart OSI model the way we know it -- which is wrong as it would limit the usability, and increase the costs of operating. My point is that, even a PC sold by Dell would eventually run a Microsoft OS, thus exposing it to the monocultural insecurity by itself, and the human weaknesses of the person operating the PC itself, not guarding the SIPRnet
perimeter.



It would be easier for Chinese hackers or government entities to take advantage of client side attacks on any of these systems, then to ship them backdoor-ready risking too much in case of possible espionage fiasco. There have been known cases of malware leaking nuclear plant information, or employees P2Peering sensitive/classified information. Be it, hardware keyloggers, logic bombs, BIOS rootkits, given the scrutiny, even a slight ambition might have vanished in the air. Modern spy gadgets are evolving, espionage cases are still happenning and some get even public, but in case you're interested in the true ghost covert operative - stay tuned for the Stand Alone Complex Novel! Continue reading →

The anti virus industry's panacea - a virus recovery button

April 20, 2006
Just when I thought I've seen everything when it comes to malware, I was wrong as a PC vendor is trying to desperately position itself as one offering a feeling of security with the idea to strip its product and lower the customer price. The other day I came across to a fancy ad featuring Lenovo's ThinkVantage Virus Recovery Button, and promoting its usefulness even when there's no AV solution in place :





"Rescue and Recovery is a one button recovery and restore solution that includes a set of self recovery tools to help users diagnose, get help and recover from a virus or other system crashes quickly, even if the primary operating system will not boot and you are remote from your support team."





The video ad is indeed fascinating, and while their Embedded Security Subsystem 2.0 "locks your sensitive data behind hardware-based encryption", you'd better take advantage of their utilities options and try to avoid such a weak positioning in respect to malware. The Virus Recovery Button seems to be directly targeting the masses and totaly removing the complexity issue by introducing a button-based solution to malware -- dangerous as backups and their idea could have proven useful during the first generations of malware.





Anti virus signatures, response time, and various other proactive malware prevention approaches such as, IPS, buffer overflow protection are among today's most widely discussed approaches when dealing with malware, and of course, the principle of least privilege to user accounts. But why the anti virus button when it can be an anti-hacker one? I feel they'd better stick to their OEM agreements and find other ways to achieve competive advantage in pricing than providing a false sense of security.





In my recent "Malware - future trends" research I mentioned on the fully realistic scenario of having your security solution turn into a security problem itself. While this is nothing new, in this case we have a misjudged security proposition, as recovering to a pre-infection state doesn't necessariry mean confidentiality of sensitive personal/financial information wouldn't be breached by the time the user is aware of the infection, if it ever happens of course.





Moreover, Lenovo was recently under scrutiny as "The U.S.-China Economic Security Review Commission (USCC) argues that a foreign intelligence like that of the Communist Party of China (CPC) can use its power to get Lenovo to equip its machines with espionage devices. Lenovo has strongly declined that it is involved in any such activities", and while they eventually reached a consensus on using the machines on unclassified systems only, it doesn't mean they aren't exposed to a wide variety of threats going beyond China backdooring them, such as Zotob over border-screening systems at airports.





As a matter of fact, the rival PC/notebook propositions might still be owned by U.S companies, but are mostly assembled in China these days -- too much hype for nothing.



UPDATE - Sites that picked up the post

LinuxSecurity.com
MalwareHelp.org





Technorati tags:
, , , , Continue reading →
Subscribe to: Comments (Atom)