Slashdot Mirror


Exploit Found to Brick Most HP and Compaq Laptops

Ian Lamont writes "A security researcher calling himself porkythepig has published attack code that can supposedly brick most HP and Compaq laptops. The exploit uses an ActiveX control in HP's Software Update. It would 'let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection.' The same researcher last week outlined a batch of additional vulnerabilities in HP and Compaq laptops, for which HP later issued patches."

17 of 294 comments

  1. !BRICK FFS by caitsith01 · · Score: 5, Insightful

    Corrupting a Windows install does NOT BRICK A GOD DAMNED LAPTOP. You can reinstall Windows and it will work. Therefore it is not a brick, it is not bricked, it has no aspect of brickishness, not even a hint of brickening.

    What the HELL is wrong with you morons??? Do you even read Slashdot discussions? This has been pointed out over and over and over again.

    Bricking involves killing something dead in such a way that it becomes, in effect, an expensive paperweight or 'brick' if you will. As you are clearly retarded, let me explain that a 'brick' is typically a rectangular piece of clay or similar material hardened in a furnace and used to construct buildings and other structures, and usually has no functionality beyond this. Unlike the device in this story, reinstalling Windows on an actual brick will not lead to increased capabilities.

    --
    Read Pynchon.
  2. From the exploit description by The+MAZZTer · · Score: 4, Insightful

    It sounds like the user needs to be using Internet Explorer in order to be vulnerable. I doubt anything happens on Firefox or other browsers since there is purposely no ActiveX support there.

    Also I note that the exploit description itself never uses the inaccurate word "brick".

  3. Re:Argh by AbRASiON · · Score: 2, Insightful

    Exactly- this word has run its course, too many dipshits don't know how to use it.

    Only way to repair a bricked item is for the manufacturer to repair it or some kind of emergency flash for example - like that old virus long ago which took out the ABIT BH6 boards' BIOS.

  4. Re:Donate how much to Wine? by Carnildo · · Score: 4, Insightful

    For the price of donating enough money to Wine to pay a programmer to implement complete support for the application, one could buy several copies of genuine Windows Vista Ultimate.


    For the cost of a thousand copies of Vista Business, you could pay Wine programmers to support every app your company uses.
    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  5. If you removed the crap.. by GregPK · · Score: 2, Insightful

    If you removed the crapware that HP sent out with it.. You'll be fine.. Just takes like 3 or 4 hours to do it all though... Extremely annoying...

  6. Re:Deal with it by Tony+Hoyle · · Score: 2, Insightful

    It's a fairly recent phenomenon.. like the iPhone 'brick' that wasn't a brick at all but the press seemed to pick up on the word even though they have no idea what it means (if anyone really thinks their iPhone is bricked I'm quite happy to dispose of it for them, for a fee of course).

    Most people still use the term correctly.. but the press through their damned stupid ignorance is determined to change that. Slashdot should not be one of the sites doing it.. they're supposed to know better.

  7. Re:Two points about the article's headline. by Nosklo · · Score: 5, Insightful

    But do these computers come with a recovery CD, or just a recovery partition? I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it. The point is, if you can use the computer after the exploit, it is not a brick, so it is not *bricked*. If you lost your documents or not has nothing to do with it.
    --
    find -name "*base*" -exec chown us {} \; ; ln -s /dev/zero /dev/chance ; make time
  8. Re:Donate how much to Wine? by Jeremiah+Cornelius · · Score: 5, Insightful

    For a fraction of the investment, support the development of POSIX portable apps, and dump the platforms which don't have POSIX calls and portable libraries.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  9. Re:Two points about the article's headline. by tkrotchko · · Score: 3, Insightful

    Well, it's just a variation of what people used to say when their OS got corrupted and they said "my hard drive crashed". It just meant "My PC wouldn't boot".

    On the other hand, most people are so mystified by computers that the difference between software and hardware is not obvious and they don't care.

    --
    You were mistaken. Which is odd, since memory shouldn't be a problem for you
  10. You mean "we're not John Dvorak". by Anonymous Coward · · Score: 1, Insightful

    Cringely is not as tech-illiterate as that. Certainly not as clueless as any of Slashdot's "Editors", current or former.

  11. Yes, what has happened to bricking? by SuperKendall · · Score: 1, Insightful

    Bricking is a perfectly good technical term. I understand language evolves but it has no good reason to evolve in this direction. Real bricking is still a concern for some things and it's important to distinguish the potential damage something can do.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  12. Re:Two points about the article's headline. by Anonymous Coward · · Score: 3, Insightful

    Most people would consider JTAG touching the hardware.

  13. Re:Tell me why... by Grey_14 · · Score: 2, Insightful

    How about because they posted a full analysis including a demonstration with source code? Given a lot of stupid laws going into effect all over, I'd expect a lot more security researchers to remain anonymous, and as long as you're being anonymous who cares what your handle is?

  14. Re:Two points about the article's headline. by Auz · · Score: 1, Insightful

    You know, I can't really see how you can take an existing word and use it as a slang term, then turn around and claim it has only certain meanings that you'll accept. It's slang; its meaning has already been changed through incorrect usage. Notwithstanding its actual existing specific meaning, "bricked" is fairly obviously now a slang term for when something electronic is, temporarily or permanently, inoperative. No amount of "detagging" here is going to fix that, because it's a much more useful slang term when it covers both situations. The number of times when you'd use it under your rules is so small as to make it worthless.

    I will miss the grand high dudgeon when anyone (deliberately now I assume) uses it "wrongly" here when the expanded version becomes accepted though.

    --
    =DIVIDE BY CUCUMBER ERROR: REINSTALL UNIVERSE AND REBOOT=
  15. Re:Two points about the article's headline. by totally+bogus+dude · · Score: 4, Insightful

    Does it encrypt the data, or just set the folder ACLs so it can't be accessed?

    If it's just ACLs, then you can read it from anywhere. Linux's NTFS support ignores ACLs for example, because it's going to have a very hard time trying to make them map to anything sensible. On another Windows box the SUIDs will be unknown but respected, but you should be able to take ownership of the folder and reset the permissions.

    If it IS encrypted, that's another matter.

  16. Re:Two points about the article's headline. by 1u3hr · · Score: 5, Insightful
    Notwithstanding its actual existing specific meaning, "bricked" is fairly obviously now a slang term for when something electronic is, temporarily or permanently, inoperative.

    No, it is being used by some headline writers like that. But not anyone knowledgeable. It still means "permanently", not "temporarily" fucked. In this article, for instance, the post by the "hacker" who found this never uses the word "brick". Only the sensationalist headline writer.

  17. Re:Two points about the article's headline. by cp.tar · · Score: 2, Insightful

    <captainobvious>The price?</captainobvious>

    (And I'm not really sure about the thermal and sound proofing either.)

    --
    Ignore this signature. By order.