The Perils of Vendor Bloatware
In today's Stormcast, Johannes summarizes the current issue with some of the software that comes pre-installed on Dell Laptops. In short, Dell Foundation Services- which is used for remote management - allows unauthenticated WMI queries to be processed through a simple SOAP interface. We've used WMI in many stories for reconnaissance, pentesting and attack activities (check out our Diary Archives and Search function for more on this).
Anyway, on one hand, an IT Manager might say "who better to write desktop management software than the hardware vendor". A smarter IT Manager might say "no, someone who builds hardware for a living is the *worst* person to buy software from, especially if it's free software". Maybe the ground lies somewhere in between - I typically format every new machine, use the vendor hardware drivers for whatever OS I install, and stop there (at least as far as hardware vendor code goes)
Long story short, after the past year of Superfish and Dell's equivalent of Superfish, and now this, I hope it's time we all look at the special presents we get "for free", preinstalled on new hardware!
References:
Today's Stormcast: https://isc.sans.edu/podcastdetail.html?id=4767 (or subscribe in iTunes or RSS)
Dell Foundation Services issue: http://rum.supply/2015/12/01/dell-foundation-services.2.html
Superfish 2.0: https://isc.sans.edu/diary/Superfish+2.0:+Dell+Windows+Systems+Pre-Installed+TLS+Root+CA/20411
===============
Rob VandenBrink
Metafore
Comments
Anonymous
Dec 2nd 2015
9 years ago
Anonymous
Dec 2nd 2015
9 years ago
Anonymous
Dec 2nd 2015
9 years ago
Anonymous
Dec 3rd 2015
8 years ago