HP admits to selling infected flash-floppy drives

Source: Computer World

Hybrid devices for ProLiant servers pre-infected with worms, HP says

April 7, 2008 (Computerworld) Hewlett-Packard Co. has been selling USB-based hybrid flash-floppy drives that were pre-infected with malware, the company said last week in a security bulletin.

Dubbed the HP USB Floppy Drive Key, the device is a combination flash drive and compact floppy drive and is designed to work with various models of HP's ProLiant Server line. HP sells two versions of the drive, one with 256MB of flash capacity and the other with 1GB of storage space.

A security analyst at the SANS Institute's Internet Storm Center (ISC) suspects that the infection originated at the factory and was meant to target ProLiant servers. "I think it's naive to assume that these are not targeted attacks," said John Bambenek, who is also a researcher at the University of Illinois.

HP confirmed in an April 3 advisory that both versions of the flash-floppy drive may come with a pair of worms, although the company offered few details. It did not, for instance, say how many of the drives were infected, where in the supply chain the infections occurred or even when they were discovered.

If a compromised drive is plugged into a USB port on any machine on the network, the worms may spread "to any mapped drives on the server," HP's alert said.



Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9075438&intsrc=hm_list

I've got to get out of GD-P more often!

GD:P stress disorder, for sure

And I will never buy another one EVER. I'm considering switching to a Mac, even though they are expensive. At least they seem to work more reliably.

In my experience they're the best built and performing, at least for laptops.

Lenova (a Chinese company) does.

Irony's a bitch.

When Lenovo bought IBM's PC line they inherited the designs. The ThinkPad T series notebooks are still as good as they ever were. Stay away from the cheaper stuff, but with T and X series ThinkPads being so cheap these days, there's really not too much point in buying one of the low-end ones.

You have NO IDEA what the Chinese are hiding in the BIOS of those computers. I wouldn't use those things for anything other then children's toys.

They outsource the BIOS to the usual vendors. Only the US State Department has stopped using Thinkpads because of Lenovo buying it.

But stay away from any 3000 or IdeaPad laptops. IBM I believe is still working with Lenovo through 2010 on the Thinkpad designs, that is why they are so good.

On the Desktop side, Thinkcentre is good, but stay away from the 3000 series desktops.

Love it. Vista too. Wonderful. I basically not only have a fast, powerful computer, I have a programmable "Tivo" as well! Fucking awesome. The entire box with Vista cost me less than $750! I could not build a better computer for anywhere near that price point. And it's stable, fast, and did I mention awesome!!

:P

2/AMD processors, 3 gigs of RAM, twin 320 Gig hard drives, media bay, tuner, Vista, all the bells and whistles :)

My dad has an HP that he bought last year, hasent given him any trouble at all even though it runs kinda sluggish with Vista. He updated to SP1 and it seems to help some. I have Vista on my gaming computer and it works great with SP1!

BTW, do you know if a HTPC can work with satallite tv?

literate.

If you have servers from HP that cost several thousand dollars, and somebody in your network plugs in one of these keys, your server could be attacked.

These keys were shipped this way, which means the company that HP bought them from allowed the product out without due quality testing.

HP will probably cancel the contract with the company and charge them back for any attacks.

It would take a unique set of circumstances for this to affect most businesses. No "normal" home user has a Proliant server. Some people use them for small businesses, but usually it's the Googles of the world that have thousands of this box. And their network is likely secure enough to block this attack in the first place.

It's embarrassing, but not damaging.

myself which means that I just skim the surface.

You are way ahead of the game.

because I was so green.

made in china? (if not, from where?)

outsourcing, huh?

American made worms......

The most likely explanation is that someone brought the malware into the system accidently to the computer system that did the master image. Than the master image was replicated (along with the malware) onto all the keys.

I worked with someone who once accidentally compiled a commercial software build in debug mode. Meaning, competitors could trace through the code with all the objects, function names and variable names intact. That ... and it's slower. So, ..., stuff like that happens.

We ship a cheap USB pen drive with some of our products. The key includes our PC software, manual, and a couple of other things. Well, the master ended up with a virus (in China) and subsequently made it onto about 600 of the keys. Fortunately, we caught it before it went to customers. Unfortunately, some poor saps at our warehouse had to format and reload the 600 keys themselves from scratch.

know how to steal. F you HP

I'm sure there are better things to criticize HP over.

to install RAID drivers when installing from the CD. Supposedly you can make a new CD installer with the drivers "slipstreamed" into the install, but I've never tried that. If there's one thing that absolutely should not be anywhere near a 21st-century computer, it's a floppy drive. That, and I read somewhere that some random unnamed deity of some sort kills a kitten anytime someone uses a floppy disk, but that could just be hearsay. :D

Won't someone think of the kittens?