Be aware of those rpcnet* processes and services around there. Just be careful and take a look at the processes you have running. So, there isn’t too much you can do about it. But a first stage rootkit can modify it in the same way as you. The NVRAM just holds the flag which indicates if the agent is enabled or not in the OS. Especially when it’s such insecure, badly coded software. It’s not nice to realize that you have a monitoring piece of software deep inside your laptop’s hardware. Guillermo said this on Apat 6:58 pm | Reply Could you give us any way to protect ourselves? We don’t need big corps controlling us. We need somebody to protect us (a thief is not a big problem, when somebody is looking inside your life). Most of them aren’t programming experts. Will it work on a Dell Studio series model? I think a lot of responsible people don’t want to have a danger like that inside his/her laptop. I also read about DCCU (from Dell) and how to reset the NVRAM. I read about the BIOS of the Dell Inspiron series in your papers, but I don’t know if it will work on a Dell Studio series. I know it is difficult to erase the software, and the research team of Computrace will only remove the software at the OS level. I think Big Brother is looking inside our laptops and netbooks, and I don’t like this at all. I understand the danger of this BIOS software. I read the white paper, the slides and some forums about this software. I think your best option will be to check periodically if the Computrace agent is installed and running on your system. I’m sure what the Computrace guys told you was that they can remove the *software installed on the hard drive* and not the BIOS stub. It’s almost impossible to remove the on-BIOS Computrace stub in a safe way. Well, I recommend you read all the links in this post to fully understand the implications of having Computrace installed on your BIOS. Guillermo said this on Apat 4:47 pm | Reply Is it really true? Do they completely remove the software in the BIOS?
What can I do to remove this software? Any tool to do it? The Computrace guys told me they can remove the software with remote access. I bought a Dell notebook with Computrace LoJack installed 5 days ago. Goran Cobanovic said this on Decemat 2:34 am | Reply Great read, will come back for more soon, thanks. So, if you have doubts and want to be sure, please check the tools and papers at the Core Security web page. ALS - said this on Octoat 1:49 pm | Reply Well, not… In fact, I think the answer is pretty obvious. Sydney X said this on Septemat 3:11 am | Reply I am wondering why the general press does not seem to care much about the vulnerability, is it that there is really a low risk that this could compromise systems en masse? I also wonder if the claims are false as Absolute Software says, then why didn’t they file a lawsuit? They seem to be quite a litigious company, one would think that if you guys were making outrageous and unfounded claims that they would come after you legally. You can find the Core Security response here: 35 Responses to “Deactivate the rootkit – Black Hat Vegas 2009” Then, after some words of the Computrace guys denying almost all our findings (here), we made public this page with all the proof, meaning: a tool to detect if your laptop has Computrace in it, a network dump showing the first stage of the communication in plain text :S, several videos demonstrating what we said, and a tool to control and redirect Computrace. We just did a turbo-talk at Black Hat (a very long one, I’m really happy about that) and we didn’t have the time to show all the proofs we gathered but we did it through Core. I’m not going to explain all the research here… a lot has been said about this.
It has been a long time since my last post here… Alfred and I were working very hard on our last research/talk (the continuation of ‘Persistent BIOS Infection’), “Deactivate the rootkit”, where we found that Computrace (an Anti-Theft Technology system) comes by default in most laptop BIOSes and can be controlled by an attacker, compromising the whole system’s security mechanisms.