The vulnerabilities in question are CVE-2016-4957 (another vulnerability in Crypto-NAK found by Cisco), and from Red Hat there's CVE-2016-4953 (an authentication bug), CVE-2016-4954 (server packet spoofing), CVE-2016-4955 (autokey association reset) and CVE-2016-4956 (a broadcast interleave bug).
This Damn War
“What’s the smallest fire I could start to be noticed, but not so big that I risk burning down the building?” is one of the stranger thoughts to have entered my head, in many years of working in IT. No, I'm not a closet pyromaniac, so why was I entertaining such thoughts?
I had found myself stuck in a data centre on a Sunday afternoon and by that point, I’d been in there for over two hours with no sign of rescue. That shouldn’t have been the case, of course, but a series of unfortunate events had led me down that road.
The data centre in question was undergoing an enormous refurbishment, and the rack I was working on was one of the last stragglers in an aged hall that was waiting to be decommissioned. When I arrived, the on-site team were very conscientious in pointing out open floor tiles and various other construction-related trip hazards; unfortunately, the contractors had been rather less meticulous.
I completed the work I needed to, then packed up my bag to leave. When I got to the exit however, my access card wouldn’t unlock the door. After a few frustrated swipes I tried the emergency door release button, also to no avail. Following some rather pitiful shoulder bunts against the door, to see if the release was working but the door itself was physically stuck – it wasn’t, it hurt – I conceded that the contractors must have fouled up the access control system somehow.
“Not a problem,” I thought to myself, and picked up the telephone on the wall adjacent to the door, normally a direct line through to the operations centre. The line was dead, another casualty of the building work.
“Still nothing to worry about,” I mused, and started waving my arms in front of the CCTV camera above the door to get someone’s attention.
I jumped around in front of that camera for far longer than I’d care to admit, before I resigned myself to the fact that nobody was watching (or rather, able to watch) and sat down on the floor to take stock of my options.
I first reached for my mobile phone which was almost fully charged, but had no signal in the metal sarcophagus of the data centre’s innards. Next up was my laptop: I could grab a network cable, plug directly into the network switch in my rack, and contact the outside world to achieve my freedom. Unfortunately, that was my third stop of the day and I’d already worn my laptop’s meagre battery down… and the power supply was on my desk at home. There wasn’t even a KVM trolley in the hall to use one of our servers to call for help, another casualty of the decommissioning process.
Deflated, I sat on the floor, and wondered how long it would take for someone to notice I was gone. I hadn’t given my wife an ETA for arriving home and as far as my colleagues were concerned this was a “pop in on my way past” flying visit, so they wouldn’t be expecting to hear from me again. By this point, I’d been in there for well over an hour and nobody had been to check on me; I was starting to get worried.
What got me really worried was when I couldn’t open the fire door at the back of the hall. I could depress the release bar, but there was some construction detritus behind the door that meant it simply wouldn’t budge. Cue more pathetic shoulder charging, to no avail.
I hammered on the fire door for a while and shouted myself hoarse, but nobody heard, so I tried the main door. Shouting for help turned into profanities, which turned into pleading and plaintive wails, but no help was forthcoming.
Again, I sat on the floor and stewed for a while, and by the two-hour mark I was starting to feel desperate, which probably explains the (admittedly, very poorly thought-out) ‘start a small fire’ plan; quickly shelved, when I realised the fire alarm didn’t go off when I tried the door.
As I began to contemplate a night in my personal air-conditioned hell, a thought occurred to me: the fire alarm might have been yet another casualty of building works, but it wasn’t the only kind of monitoring.
I ran over to my rack and pulled a couple of redundant power cables; not serious enough for an outage, but enough to generate some alerts from our own monitoring. I replaced them and did the same with more servers – lather, rinse and repeat – until the constantly flapping monitors caused one of my team to ring the data centre, to ask them to eyeball our rack and check for ‘power problems’.
All told, I’d been trapped in that data centre for less than three hours, but even so when that door did finally open I felt like Shawshank Redemption’s Andy Dufresne.
Lenovo is warning users to uninstall its Accelerator support application after it was revealed to have what it says are serious interception vulnerabilities.
The company is one of five vendors caught pre-installing dangerously-vulnerable OEM software.
Duo Security researcher Mikhail Davidov reported the holes that would allow eavesdropping attackers to tap into Accelerator's unencrypted update channels to compromise users.
"A vulnerability was identified in the Lenovo Accelerator Application software which could lead to exploitation by an attacker with man-in-the-middle capabilities," Lenovo says.
"The vulnerability resides within the update mechanism where a Lenovo server is queried to identify if application updates are available.
"Lenovo recommends customers uninstall Lenovo Accelerator Application."
Unencrypted update channels open an avenue for attackers to, among other efforts, push malware masquerading as software patches. It is limited in that it requires affected users to connect to malicious or open wireless networks to be exposed.
Only those Lenovo machines with Windows 10 pre-installed sport the exposed app.
The Lenovo Accelerator Application is used to speed up the launch of Lenovo applications and was installed in some notebook and desktop systems preloaded with the Windows 10 operating system.
Laptops from Acer, Asus, Dell, and HP were also tested and found to have a dozen vulnerabilities. All contained at least one hijacking flaw, most of which are easy to exploit.
Lenovo says some 46 notebook and 25 desktop lines are affected, including its top end Y700 gaming laptop, IdeaCentre all-in-one desktops, and Yoga flip netbooks.
It follows the 2014 shelling of Lenovo after it bundled the Superfish adware which used a trusted root certification authority certificate that allowed attackers to spoof HTTPS traffic.
AMD has officially torn the wraps off its seventh-generation processors for laptops and notebooks. These are, we're told, shipping in volume in gear from Acer, Asus, Dell, HP, and Lenovo.
As warned in April, and announced today at Computex 2016 in Taipei, the CPUs use AMD's Excavator architecture as found in Carrizo.
AMD's new “Bristol Ridge” seventh-gen family features 35W and 15W versions of AMD's FX, A12 and A10 processors, and the “Stoney Ridge” gang includes 15W A9, A6 and E2 chips. The list of Mini Chipzilla's seventh-gen CPUs is here.
Meanwhile, the $199 Radeon RX 480 graphics processor has popped up, powered by the Polaris architecture, and is aimed at VR geeks.
Computers from many of the biggest PC makers are riddled with easy-to-exploit vulnerabilities in pre-loaded software, security researchers warn.
The research from Duo Security shows that bloatware is not just a nuisance that causes a lag in system boot-up, but a security risk. Laptops from Acer, Asus, Dell, HP and Lenovo all have at least one security vulnerability that can lead to a full system compromise. Most of the vulnerabilities would be straightforward to exploit even for technically unsophisticated hackers, according to Duo Security.
Lenovo copped an enormous amount of flak after it began bundling Superfish adware with some of its computers in September 2014. Superfish adware was installed on some Lenovo PCs with a trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic.
A machine with Superfish VisualDiscovery installed will be vulnerable to SSL spoofing attacks without a warning from the browser, as US CERT warned around the time the scandal broke in early 2015.