Updated:06:45 PM EDT Mar 20

this is ggmania.com subsite

rss feed 
top 100
submit news

FREE eBooks

CD/DVD tools
Free Antivir

Forex Brokers Reviewed

Try to play real money casino with no risk by claiming offers at freespinsnodeposituk.com that lists no deposit free spins

When playing bingo online, we recommend to read verified reviews at bingosite.org.uk before choosing a bingo site to play at.

Check out https://casinopiloten.se/basta-casinon-online for the best online casino sites with highest bonuses in Sweden.

Bästa mobilcasino means the best mobile casino in Swedish. Visit NyaMobilCasinon.se and play at top smartphone casinos.

Looking for free spins? https://nyacasinonsverige.se/nya-free-spins/ Visit and claim 10, 20, 50 or more extra spins to play your favourite slots.

(C) 2006-2018 TechAmok
All Rights Reserved.

Millions of PCs Affected by Mysterious Computrace Backdoor - TechAmok

Millions of PCs Affected by Mysterious Computrace Backdoor - [security]
02:12 PM EDT - Aug,12 2014 - post a comment

Nearly every PC has an anti-theft product called Computrace embedded in its BIOS PCI Optional ROM or its unified extensible firmware interface (UEFI). Computrace is a legitimate, trusted application developed by Absolute Software. However, it often runs without user-consent, persistently activates itself at system boot, and can be exploited to perform various attacks and to take complete control of an affected machine. Kaspersky Lab researchers Vitaly Kamluk and Sergey Belov along with Anibal Sacco of Cubica Labs earlier presented their research in a briefing titled "Absolute Computrace Revisited" six months ago at the Kaspersky Security Analyst Summit (SAS) in the Dominican Republic. They presented an updated version of that talk at Black Hat last week.

Computrace should not be enabled by default. Absolute Software's technical documentation says that Computrace should be enabled either by the user or by IT departments with admin control of work machines. In fact, to this point, Kamluk, Sacco and Belov can only guess at how Computrace is enabled by default on many out-of-the-box PCs. At present they believe the software is being unintentionally initiated by manufacturers. Furthermore, once Computrace is enabled, it is incredibly persistent and very difficult to remove or even turn off. One of the problems – as was highlighted at SAS – is that Computrace does not enforce encryption when it communicates and it does not verify the identity of the remote server from which it receives commands. This is particularly irksome given how Computrace works: first the persistence modules in BIOS/UEFI update a system's default autochk.exe. Then the new autochk.exe drops and registers a new system service called rpcnetp. Rpcnetp, in turn, talks to the Absolute server and is replaced by rcpnet, which is a core remote administration module that is restored if the user deletes it. In other words, the way Computrace interacts with Absolute could expose users to man-in-the-middle attacks. Back in February, Kamluk described Computrace's exploitability as follows:
The software is extremely flexible. It's a tiny piece of code which is a part of the BIOS. As far as it is a piece of the BIOS, it is not very easy to update the software as often. So they made it very extensible. It can do nearly anything. It can run every type of code. You can do to the system whatever you want. Considering that the software is running on these local system privileges, you have full access to the machine. You can wipe the machine, you can monitor it, you can look through the webcam, you can actually copy any files, you can start new processes. You can do absolutely anything.

Add your comment (free registrationrequired)

Short overview of recent news articles

Mar,20 2018 NVIDIA Releases GeForce 391.24 WHQL Drivers
Mar,20 2018 Bitcoin's Blockchain Loaded with Child Pornography
Mar,19 2018 Far Cry 5 ''Boomer'' Trailer
Mar,19 2018 Apple is developing own microLED display tech for future Apple Watch
Mar,19 2018 Self-Driving Uber Car Kills Woman in Arizona
Mar,19 2018 HTC VIVE Pro Preorders
Mar,19 2018 Samsung Galaxy S9 and S9 Plus Destroyed
Mar,19 2018 Steve Jobs' job application from 1973 auctioned for $174,757
Mar,18 2018 Samsung S9/ S9+ vs iPhone X vs Galaxy Note 8 Battery Life DRAIN TEST
Mar,17 2018 Intel has microcode updates for modern CPUs and fixed silicon for
Mar,16 2018 Microsoft wants to force Windows 10 Mail users to open links in Edge
Mar,16 2018 Marvel Studios' Avengers: Infinity War - Official Trailer
Mar,16 2018 Bella Thorne for Shape Magazine
Mar,16 2018 Intel Now Offering System Studio for Free
Mar,16 2018 Apple Puts Family Resources On a Single Web Page
Mar,15 2018 Sex Robots are getting smart and more real than ever
Mar,15 2018 Microsoft Admits It Incorrectly Upgraded Some Windows 10 Users To
Mar,15 2018 Cryptocurrency Exchange Offering $250k Bounty For Hackers
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.02secs