Search 
You are here: Articles   
Home
ArGoStuff
       About
       ArGoStuff Supporters
       Forum Posting Policy
Forums
Articles
       Articles Archive
Cyber Security Tips
FAQ
Downloads
Links
Article CategoriesMinimize

Article AuthorsMinimize
ArticlesMinimize
Current Articles | Archives | Search
IN FOCUS: Vendors' Lax Security is Our Problem
Posted by SteveT on Thursday, January 31, 2008 :: Last Updated on Thursday, January 31, 2008:: Views 3661

   

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Last week, I blogged about a rather shocking incident. It's shocking both because it even happened and because it continues to happen. The incident I'm referring to is that Best Buy shipped digital picture frames that contained a virus that was installed during the manufacturing process. Can you believe it? In this day and age, given all the focus put on computer security problems by nearly every media outlet in the world, Best Buy still shipped a product infected with a virus. There's no excuse for that whatsoever.

But Best Buy isn't alone in making such a gigantic mistake. Several other companies have faced heat for shipping products already infected with viruses. In August of 2007, Seagate Technology reportedly shipped a bunch of Maxtor Basics Personal Storage 3200 devices with spyware that snoops around the system looking for passwords and then sends them to an external site over the Internet. For more information about the Seagate Technology incident, go to
www.seagate.com/www/en-us/support/downloads/personal_storage/ps3200-sw
(http://ct.email.windowsitpro.com/rd/cts?d=33-1843-803-202-5219-141780-0-0-0-1-2-207.

In September of 2007, Apple shipped some of its hugely popular video iPods with the RavMon worm. (For more information, go to www.apple.com/support/windowsvirus (http://ct.email.windowsitpro.com/rd/cts?d=33-1843-803-202-5219-141781-0-0-0-1-2-207) Apple then had the audacity to state that "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it." Talk about shifting the blame! Wow. To Apple I would say, "just own up to your catastrophic mistake and leave it at that."

Also in September of 2007, German manufacturer Medion reported that several of its ALDI laptops were infected with the Stoned.Angelina boot-sector virus. In case you didn't know, variants of the Stoned virus have been floating around for more than a decade, so it's amazing that a variant of it found its way onto a new laptop direct from the factory.  To read Medion's bulletin (translated from German to English via Google), go to
http://translate.google.com/translate?u=http%3A%2F%2Fwww.medion.de%2Fpopup_md96290.htm&langpair=de%7Cen&hl=en&ie=UTF-8 
(http://ct.email.windowsitpro.com/rd/cts?d=33-1843-803-202-5219-141782-0-0-0-1-2-207.

In January of 2007, TomTom International admitted that it shipped several of its TomTom GO 910 GPS units with an unnamed virus. The affected units were manufactured between September and November of 2006. You can read more about the incident at
www.tomtom.com/news/category.php?ID=2&NID=349&Language=1
(http://ct.email.windowsitpro.com/rd/cts?d=33-1843-803-202-5219-141783-0-0-0-1-2-207).

If that weren't enough already, in 2005, Creative shipped several thousand Zen Neeon digital audio players that contained a variant of the Wullik mass-mailing worm. You can read about that fiasco (translated from Japanese to English via Google) at
http://translate.google.com/translate?u=http%3A%2F%2Fjp.creative.com%2Fcorporate%2Fpressroom%2Freleases%2Fwelcome.asp%3Fpid%3D12173&langpair=ja%7Cen&hl=en&ie=UTF-8
(http://ct.email.windowsitpro.com/rd/cts?d=33-1843-803-202-5219-141784-0-0-0-1-2-207).

Even big shots such as IBM have made the same mistake. In 1999, the company revealed that several of its Aptiva 2158 laptop systems were shipped with the CIH virus, which later became more commonly known as the Chernobyl virus. You can read IBM's admission at
www.pc.ibm.com/partner/us/ssg/2b7e.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-1843-803-202-5219-141785-0-0-0-1-2-207).

There are probably several other companies that have made similar mistakes, but the seven companies I've listed here are more than enough to make one think (possibly in disgust) about just how terrible the security practices of these major companies really are. They obviously didn't take security seriously enough, if they even considered it at all.

The ramifications of their oversights could have been enormous. Imagine a hiker using a TomTom GPS unit to navigate in the wilderness, only to find that the device was giving out bogus coordinates. Or imagine a doctor using an Aptiva or ALDI laptop that suddenly started deleting patient records or important diagnostic results.

The lesson here is pretty clear. A vendor's lax security practices quickly become their customers' problem. Vendors need to have adequate security at all levels of their organizations, particularly those vendors who manufacture any type of electronic products.

Previous Page | Next Page

COMMENTS
DonationsMinimize

Find our site useful? Make a donation to show your support

Donate

logo_ccMC.giflogo_ccVisa.giflogo_ccDiscover.giflogo_ccAmex.gif

ArGoStuff Supporters

 


News from ArGoSoftMinimize
1 2 3 4 5 6

Mail Server v1.0.8.3
  • Added support of STARTTLS (STLS) command for SMTP, POP3, IMAP, and SMTP relay and delivery, which will allow secure, fully encrypted connections, when possible;
11/6/2011 1:10:34 PM
Mail Server v1.0.8.2
  • Optimized delivery speed. In earlier versions each "tick" which was checking whether messages were in the outbox queue, was picking up only one message at a time. Now it will attempt to pick MaximumAllowedThreads-ActiveDelivery threads messages, which should considerably increase deliver speed;
  • Optimized SEARCH and STATUS IMAP commands. They appear to be used very extensively by Android, and (not that extensively, but still) by iPhone. Now users who use mobile phones to access their IMAP accounts will see considerable improvement;
  • Optimized STORE IMAP command. Before storing of IMAP flags was occuring one message at a time, which seemed to be fine with SQL server, but proved to be slow for SQLite... Now it happens with single SQL call.
10/8/2011 7:59:35 PM
ArGoSoft Mail Server v1.0.8.1
  • Fixed a bug: when using IMAP via Firefox with "When I delete a message, move it to Trash folder" option, marking messages in the trash folder was causing high CPU usage, and was taking some time, making the server pretty much non-responsive. The problem was happening only when using SQLite.
6/6/2011 9:33:36 PM
ArGoSoft Mail Server v1.0.8.0
  • Fixed a problem with web interface - was showing only first page of messages, and would not switch to other pages; In order to fix the web interface, mail server itself has to be updated;
  • When installint initially, was still using SQLite, even when SQL was requested;
  • There was a problem with switching from SQLite database engine to SQL server database engine: the SQL database was not being created;
5/23/2011 5:53:55 PM
ArGoSoft Mail Server .NET v1.0.7.9
  • The server no longer requires Microsoft SQL Server. If SQL server is not found, it will use SQLite engine, which does not require separate installation. If SQL server is found, then user will be prompted whether he wants to use it;
  • Made other improvements, such as, now mailbox rebuild indexes orphaned records, rather then deleting them, also added an opotion to increment UIDL validity of folder (both on the Mailbox viewer box);
  • Made minor improvements on web interface;
4/26/2011 9:47:25 PM

1 2 3 4 5 6

Protect Your Computer today withGet AVG Today

Home:ArGoStuff:Forums:Articles:Cyber Security Tips:FAQ:Downloads:Links
Copyright 2006-2011 by ArGoStuff Terms Of UsePrivacy Statement