Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exploit Found to Brick Most HP and Compaq Laptops

Posted by Soulskill on from the cool-looking-paperweight dept.

Ian Lamont writes "A security researcher calling himself porkythepig has published attack code that can supposedly brick most HP and Compaq laptops. The exploit uses an ActiveX control in HP's Software Update. It would 'let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection.' The same researcher last week outlined a batch of additional vulnerabilities in HP and Compaq laptops, for which HP later issued patches."

18 of 294 comments (clear)

  1. Two points about the article's headline. by Whiney+Mac+Fanboy · · Score: 5, Informative

    Two points about the article's headline:

    1) The linked article does not describe a successful bricking. You can pop in your recovery CD & away you go.

    2) This is a software problem, not a hardware problem. I doubt this exploit is going to work on my (old & crappy) HP sempron laptop, seeing as its dual booting Debian & OS X.

    A better headline would be "Exploit found in HP update software" - but I guess that's just not that ad-revenue generating.

    --
    There are shills on slashdot. Apparently, I'm one of them.
    1. Re:Two points about the article's headline. by Ignorant+Aardvark · · Score: 5, Informative

      It's annoying how the word brick has lost all meaning recently. If this exploit actually allowed bricking that would be huge news. But it doesn't. A computer that merely needs its OS repaired/reinstalled is not bricked. Slashdot editors, please figure that out already.

      --
      Cyde Weys Musings - Scrutinizing the inscrutable
    2. Re:Two points about the article's headline. by Ian+Lamont · · Score: 5, Informative

      The original headline I submitted was: Researcher lists new HP/Compaq laptop exploits Not too far from your suggestion ...

    3. Re:Two points about the article's headline. by Nosklo · · Score: 5, Insightful

      But do these computers come with a recovery CD, or just a recovery partition? I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it. The point is, if you can use the computer after the exploit, it is not a brick, so it is not *bricked*. If you lost your documents or not has nothing to do with it.
      --
      find -name "*base*" -exec chown us {} \; ; ln -s /dev/zero /dev/chance ; make time
    4. Re:Two points about the article's headline. by MorpheousMarty · · Score: 5, Informative

      Damn straight, I'm glad you got the comment in early. Bricking is one of the last pure computing terms around. Memory, CPU, Operating System, code, hack, have all come to mean a lot of things, but bricking still has specific meaning. If you can do anything at all to the device without touching the hardware to make it run again it is not bricked. Even if it voids the warranty. Please please please don't confuse the meaning, bricking is game over, everything else is everything else.

    5. Re:Two points about the article's headline. by smittyoneeach · · Score: 5, Funny

      users on there will think
      Optimist.
      --
      Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
    6. Re:Two points about the article's headline. by ehrichweiss · · Score: 5, Informative

      "If you can do anything at all to the device without touching the hardware to make it run again it is not bricked. Even if it voids the warranty. Please please please don't confuse the meaning, bricking is game over, everything else is everything else"

      I was under the impression that it was bricked if you couldn't bring it back without hacking the hardware. Like with the OpenWRT routers, they are said to be bricked if you install a bad firmware update but you can JTAG them and potentially bring them back. And that context has been around as long as I can remember.

      --
      0x09F911029D74E35BD84156C5635688C0
    7. Re:Two points about the article's headline. by ConceptJunkie · · Score: 5, Funny

      Slashdot has editors?!

      --
      You are in a maze of twisty little passages, all alike.
    8. Re:Two points about the article's headline. by Anonymous Coward · · Score: 5, Funny
      We don't need no exploitation,
      Block all Active-X controls,
      No Javashitting in my browser,
      Lame-ass spammers, lick my hole,

      HEY! CRACKERS!, face the fire-wall!
      > All in all, it was just a brick in the wall. (Guitar solo singing Fixed-it-for-you)
      All in all, a pack-et, blocked by my fire-wall.

    9. Re:Two points about the article's headline. by 1u3hr · · Score: 5, Insightful
      Notwithstanding its actual existing specific meaning, "bricked" is fairly obviously now a slang term for when something electronic is, temporarily or permanently, inoperative.

      No, it is being used by some headline writers like that. But not anyone knowledgeable. It still means "permanently" , not "temporarily" fucked. In this article, for instance, the post by the "hacker" who found this never uses the word "brick". Only the sensationalist headline writer.

  2. According to my sources... by Spy+der+Mann · · Score: 5, Funny

    there's a patch available, but it involves penguins ;-)

    1. Re:According to my sources... by alx5000 · · Score: 5, Funny

      Linux. The OS even bricks can run.

      --
      My 0.02 cents
  3. !BRICK FFS by caitsith01 · · Score: 5, Insightful

    Corrupting a Windows install does NOT BRICK A GOD DAMNED LAPTOP. You can reinstall Windows and it will work. Therefore it is not a brick, it is not bricked, it has no aspect of brickishness, not even a hint of brickening.

    What the HELL is wrong with you morons??? Do you even read Slashdot discussions? This has been pointed out over and over and over again.

    Bricking involves killing something dead in such a way that it becomes, in effect, an expensive paperweight or 'brick' if you will. As you are clearly retarded, let me explain that a 'brick' is typically a rectangular piece of clay or similar material hardened in a furnace and used to construct buildings and other structures, and usually has no functionality beyond this. Unlike the device in this story, reinstalling Windows on an actual brick will not lead to increased capabilities.

    --
    Read Pynchon.
    1. Re:!BRICK FFS by Anonymous Coward · · Score: 5, Funny

      Corrupting a Windows install does NOT BRICK A GOD DAMNED LAPTOP.

      If it did, then Windows would be considered self-bricking.

    2. Re:!BRICK FFS by JK_the_Slacker · · Score: 5, Funny

      I beg to differ. I've seen bricks used as paperweights, doorstops, melee weapons, missiles, jackstands, stepping stools, water-saving devices, exercise equipment, depth probes, counterweights, tourist attractions, ballast, keyless entry devices, cookware, heating elements, hammers...

      I will not have you slandering the name of the noble and versatile brick!

      --
      I'm waiting for a "-1 somepeoplejustshouldn'tgetmodprivileges" meta-moderation.
  4. Bricked? by T-Bone-T · · Score: 5, Funny

    Did anybody mention that they used "bricked" incorrectly?

  5. Re:Donate how much to Wine? by Jeremiah+Cornelius · · Score: 5, Insightful

    For a fraction of the investment, support the development of POSIX portable apps, and dump the platforms which don't have POSIX calls and portable libraries.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  6. A theory... by jbwolfe · · Score: 5, Interesting

    ...I must propose that Slashdot editors are involved in a conspiracy. To wit: In the past few months or so, we have had at least three submissions that have incorrectly used the term "brick" to describe a problem with typically simple solutions- distinctly not problems without solution. Anyone interested enough to submit an article to Slashdot would know the meaning of the term. Therefore, the only explanation is that the editors are cultivating the submissions in a way calculated to stimulate numerous off topic posts highlighting the improper use of the term, in turn increasing the traffic in order to generate add revenue. What's the definition of troll?

    --
    Have you ever noticed that anybody driving slower than you is an idiot, and anyone going faster than you is a maniac?