Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exploit Found to Brick Most HP and Compaq Laptops

Posted by Soulskill on from the cool-looking-paperweight dept.

Ian Lamont writes "A security researcher calling himself porkythepig has published attack code that can supposedly brick most HP and Compaq laptops. The exploit uses an ActiveX control in HP's Software Update. It would 'let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection.' The same researcher last week outlined a batch of additional vulnerabilities in HP and Compaq laptops, for which HP later issued patches."

9 of 294 comments (clear)

  1. !BRICK FFS by caitsith01 · · Score: 5, Insightful

    Corrupting a Windows install does NOT BRICK A GOD DAMNED LAPTOP. You can reinstall Windows and it will work. Therefore it is not a brick, it is not bricked, it has no aspect of brickishness, not even a hint of brickening.

    What the HELL is wrong with you morons??? Do you even read Slashdot discussions? This has been pointed out over and over and over again.

    Bricking involves killing something dead in such a way that it becomes, in effect, an expensive paperweight or 'brick' if you will. As you are clearly retarded, let me explain that a 'brick' is typically a rectangular piece of clay or similar material hardened in a furnace and used to construct buildings and other structures, and usually has no functionality beyond this. Unlike the device in this story, reinstalling Windows on an actual brick will not lead to increased capabilities.

    --
    Read Pynchon.
  2. From the exploit description by The+MAZZTer · · Score: 4, Insightful

    It sounds like the user needs to be using Internet Explorer in order to be vulnerable. I doubt anything happens on Firefox or other browser since there is purposely no ActiveX support there.

    Also I note that the exploit description itself never uses the inaccurate word "brick".

  3. Re:Donate how much to Wine? by Carnildo · · Score: 4, Insightful

    For the price of donating enough money Wine to pay a programmer to implement complete support for the application, one could buy several copies of genuine Windows Vista Ultimate.


    For the cost of a thousand copies of Vista Business, you could pay Wine programmers to support every app your company uses.
    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  4. Re:Two points about the article's headline. by Nosklo · · Score: 5, Insightful

    But do these computers come with a recovery CD, or just a recovery partition? I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it. The point is, if you can use the computer after the exploit, it is not a brick, so it is not *bricked*. If you lost your documents or not has nothing to do with it.
    --
    find -name "*base*" -exec chown us {} \; ; ln -s /dev/zero /dev/chance ; make time
  5. Re:Donate how much to Wine? by Jeremiah+Cornelius · · Score: 5, Insightful

    For a fraction of the investment, support the development of POSIX portable apps, and dump the platforms which don't have POSIX calls and portable libraries.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  6. Re:Two points about the article's headline. by tkrotchko · · Score: 3, Insightful

    Well, it's just a variation of what people used to say when their OS got corrupted and they said "my hard drive crashed". It just meant "My PC wouldn't boot".

    On the other hand, most people are so mystified by computers that the difference between software and hardware is not obvious and they don't care.

    --
    You were mistaken. Which is odd, since memory shouldn't be a problem for you
  7. Re:Two points about the article's headline. by Anonymous Coward · · Score: 3, Insightful

    Most people would consider JTAG touching the hardware.

  8. Re:Two points about the article's headline. by totally+bogus+dude · · Score: 4, Insightful

    Does it encrypt the data, or just set the folder ACLs so it can't be accessed?

    If it's just ACLs, then you can read it from anywhere. Linux's NTFS support ignores ACLs for example, because it's going to have a very hard time trying to make them map to anything sensible. On another Windows box the SUIDs will be unknown but respected, but you should be able to take ownership of the folder and reset the permissions.

    If it IS encrypted, that's another matter.

  9. Re:Two points about the article's headline. by 1u3hr · · Score: 5, Insightful
    Notwithstanding its actual existing specific meaning, "bricked" is fairly obviously now a slang term for when something electronic is, temporarily or permanently, inoperative.

    No, it is being used by some headline writers like that. But not anyone knowledgeable. It still means "permanently" , not "temporarily" fucked. In this article, for instance, the post by the "hacker" who found this never uses the word "brick". Only the sensationalist headline writer.