Slashdot Mirror


HP Ships Switches With Malware Infected Flash Cards

wiredmikey writes "HP has warned of a security vulnerability associated with its ProCurve 5400 zl switches that contain compact flash cards that the company says may be infected with malware. The company warned that using one of the infected compact flash cards in a computer could result in the system being compromised. According to HP, the potential threat exists on HP 5400 zl series switches purchased after April 30, 2011 with certain serial numbers listed in the security advisory. This issue once again brings attention to the security of the electronics supply chain, which has been a hot topic as of late."

10 of 50 comments

  1. Is it made in China? by Spy+Handler · · Score: 3, Interesting

    is it?

  2. Paging Quality control by Anonymous Coward · · Score: 5, Insightful

    Hello? Quality Control? Are you there?

    1. Re:Paging Quality control by sunderland56 · · Score: 2

      That's not completely fair. QC's main function is to make sure the product works as advertised - and the switch does work correctly. It just has a few extra files on an internal bit of memory - not visible to the outside world in normal product use.

      This sounds more like a failure in the manufacturing process - either (a) the malware was on the golden copy that was generated by HP (which would be an engineering failure made in the USA), or (b) the malware got added by the fabrication house (which would be a supplier failure, but should have been caught by US engineering when they verified the first production samples).

  3. You say malware... by samazon · · Score: 3, Interesting

    The lack of detail regarding the malware (I keep typing maleware for some reason?) makes me want to jump to conclusions. The most fun one has to do with a bored programming intern and pornography, the least interesting is "they screwed something up and are blaming it on someone else."

    --
    I have the hiccups.
  4. Not to double post... by samazon · · Score: 4, Informative

    "The flash card wouldn't do anything on the switch itself but 'reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity,' HP warned in a bulletin issued on Tuesday." http://www.theregister.co.uk/2012/04/11/hp_ships_malware_cards_with_switches_oops/ I think is a LOT more concise and explanatory of the issue.

    --
    I have the hiccups.
    1. Re:Not to double post... by Anonymous Coward · · Score: 2, Informative

      Dude. I work at HP. That firmware has been in use since at least the mid '90s. I can tell you for a fact that it runs Slackware.

  5. How much does that cost? by it0 · · Score: 4, Funny

    Malware sure is expensive these days!

    Remember kids, the best things in life are for free

  6. likely the system that loads the image has malware by Joe_Dragon · · Score: 2

    Likely the system that loads the image has malware on it, and it loads a FAT file system, and it's running Windows with malware that auto-copies and installs itself to any disk that it sees.

  7. Increase in bashed-in heads seen in hospitals.... by rts008 · · Score: 3, Interesting

    I have admiration and sympathy for IT shops that truly try to set up and maintain a secure, productive network. At times, it must seem that EVERYONE and everything are working against you, and you're just bashing your head against a wall.

    A ready made, turn-key botnet slave in a box, direct from your hardware vendor! Oh Joy! ;-)

    --
    Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
  8. Re:Increase in bashed-in heads seen in hospitals.. by fuzzyfuzzyfungus · · Score: 2

    Honestly, I'd be more worried about the fact that my not-at-all-cheap (and in many environments, not redundant, except at key points, definitely not for individual workstations) switches are booting from a dirt cheap flash card that's had its image loaded with verification so lousy that it missed the viral payload...

    I've had a fair number of cheap and nasty flash cards die on me, and that'd be a whole lot more annoying if there were a few grand worth of switch wrapped around the card when it happened (though I can say from personal 'dding-a-working-card-onto-a-CF-card-from-Staples-to-replace-the-boot-medium-of-$3k-worth-of-Alcatel' experience that HP is hardly the only one that does it).