SANS ISC: InfoSec Handlers Diary Blog

The Perils of Vendor Bloatware

Published: 2015-12-02
Last Updated: 2015-12-02 15:52:47 UTC
by Rob VandenBrink (Version: 1)
4 comment(s)

In today's Stormcast, Johannes summarizes the current issue with some of the software that comes pre-installed on Dell laptops. In short, Dell Foundation Services - which is used for remote management - allows unauthenticated WMI queries to be processed through a simple SOAP interface. We've used WMI in many stories for reconnaissance, pentesting and attack activities (check out our Diary Archives and Search function for more on this).

Anyway, on one hand, an IT Manager might say "who better to write desktop management software than the hardware vendor". A smarter IT Manager might say "no, someone who builds hardware for a living is the *worst* person to buy software from, especially if it's free software". Maybe the ground lies somewhere in between - I typically format every new machine, use the vendor hardware drivers for whatever OS I install, and stop there (at least as far as hardware vendor code goes).

Long story short, after the past year of Superfish and Dell's equivalent of Superfish, and now this, I hope it's time we all look at the special presents we get "for free", preinstalled on new hardware!
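As an added example (not part of the original diary), here is one way to actually "look at the presents": a PowerShell inventory that lists preinstalled vendor packages, the services they install, and which of those services are listening on a network socket. The vendor list beyond "Dell", the registry paths and the cmdlets used are my assumptions; it needs Windows 8 / Server 2012 or later for Get-NetTCPConnection, and an elevated prompt gives the most complete process-to-service mapping.

```powershell
# Added example, not the diary's own code: inventory preinstalled vendor
# software and show which of its services expose a listening TCP socket.
param(
    # "Dell" comes from the diary; the other publishers are assumptions so
    # the check can be reused on other hardware.
    [string[]]$Vendors = @('Dell', 'Lenovo', 'HP')
)

$pattern = ($Vendors | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Installed packages, read from the Uninstall registry keys (faster and
#    safer than Win32_Product, which triggers MSI consistency checks).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$packages = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.Publisher -match $pattern -or $_.DisplayName -match $pattern } |
    Select-Object DisplayName, DisplayVersion, Publisher

Write-Host "== Vendor packages ($(@($packages).Count)) =="
$packages | Sort-Object DisplayName | Format-Table -AutoSize

# 2. Services whose name, display name or binary path points at the vendor.
$services = Get-CimInstance Win32_Service |
    Where-Object { ($_.Name + $_.DisplayName + $_.PathName) -match $pattern }

# 3. Map listening TCP sockets to those services through the owning PID.
#    A management service that shows up here is reachable over the network,
#    so whether it authenticates callers is the next question to ask.
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue
$report = foreach ($svc in $services) {
    $ports = @()
    if ($svc.ProcessId -ne 0) {
        $ports = $listening | Where-Object { $_.OwningProcess -eq $svc.ProcessId } |
            ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" } | Sort-Object -Unique
    }
    [pscustomobject]@{
        Service   = $svc.Name
        State     = $svc.State
        StartMode = $svc.StartMode
        Listening = ($ports -join ', ')
        Binary    = $svc.PathName
    }
}

Write-Host "== Vendor services and listening sockets (listeners first) =="
$report | Sort-Object -Property @{ Expression = { $_.Listening -eq '' } }, Service |
    Format-Table -AutoSize -Wrap
```

Services that bind 0.0.0.0 or :: rather than 127.0.0.1 deserve the closest look, since anything on the same network segment can reach them.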

References:

Today's Stormcast: https://isc.sans.edu/podcastdetail.html?id=4767 (or subscribe via iTunes or RSS)
Dell Foundation Services issue: http://rum.supply/2015/12/01/dell-foundation-services.2.html
Superfish 2.0: https://isc.sans.edu/diary/Superfish+2.0:+Dell+Windows+Systems+Pre-Installed+TLS+Root+CA/20411

===============

Rob VandenBrink
Metafore
