
HP Ships Switches With Malware Infected Flash Cards

samzenpus posted about 2 years ago | from the bad-switches dept.


wiredmikey writes "HP has warned of a security vulnerability associated with its ProCurve 5400 zl switches that contain compact flash cards that the company says may be infected with malware. The company warned that using one of the infected compact flash cards in a computer could result in the system being compromised. According to HP, the potential threat exists on HP 5400 zl series switches purchased after April 30, 2011 with certain serial numbers listed in the security advisory. This issue once again brings attention to the security of the electronics supply chain, which has been a hot topic as of late."


Is it made in China? (3, Interesting)

Spy Handler (822350) | about 2 years ago | (#39649807)

is it?

Re:IS IT made in...? (0)

Anonymous Coward | about 2 years ago | (#39650515)

It's unclear how the unknown malware got onto the Flash cards that come bundled with the 10 Gbps-capable line of LAN switches, but an infected computer somewhere in the manufacturing process – possibly in a factory run by a third-party supplier – is the most obvious suspect.

Regardless of where 'it's' made, it's still HP's baby... Where do I sign up for the class action suit?

Flash Card Imager Minted in Redmond... (1)

IBitOBear (410965) | about 2 years ago | (#39650579)

You don't have to have the hardware made overseas if you home your firmware god-copies on an American-made petri dish.

(obligatory windowz suxors reference, proving that anything can be turned into a partisan rant. 8-)

Paging Quality control (5, Insightful)

Anonymous Coward | about 2 years ago | (#39649833)

Hello? Quality Control? Are you there?

Re:Paging Quality control (2)

sunderland56 (621843) | about 2 years ago | (#39651267)

That's not completely fair. QC's main function is to make sure the product works as advertised - and the switch does work correctly. It just has a few extra files on an internal bit of memory - not visible to the outside world in normal product use.

This sounds more like a failure in the manufacturing process - either (a) the malware was on the golden copy that was generated by HP (which would be an engineering failure made in the USA), or (b) the malware got added by the fabrication house (which would be a supplier failure, but should have been caught by US engineering when they verified the first production samples).

Re:Paging Quality control (1)

Darinbob (1142669) | about 2 years ago | (#39652375)

As this sounds, problems only occur if you take the compact flash out of the switches and use them with a computer which could be infected by the malware (i.e., a PC). The switch itself is not damaged by the malware, it's just an extra file that is ignored by the firmware.

Re:Paging Quality control (0)

Anonymous Coward | about 2 years ago | (#39651751)

I could easily see one created that only goes viral after a random interval.
The start up mode would provide no real clue to the intended payload.

Looks like those old 3Com switches are going to be even more valuable.

jr

Re:Paging Quality control (1)

Anonymous Coward | about 2 years ago | (#39653595)

It could have been worse, the flash card could have been infected with their new printer OS, the switch would keep asking you for a new Ethernet cable even though you just installed a fresh one and boot up time would last 10-20 minutes as it cycled all the status lights 100 times just to make sure they are working then would require a bloated software program to work, only to find out the Windows 7 computers won't work with the switch half the time because of the software. And if you're lucky the switch won't randomly drop the static IP assigned to it for god knows what reason.

Trust me it could have been worse, a lot worse.

Re:Paging Quality control (1)

gl4ss (559668) | about 2 years ago | (#39655367)

yep it's there. but quality control is just "do all the stuff that was on the document" so nobody can be blamed.

Re:Paging Quality control (1)

DickBreath (207180) | about 2 years ago | (#39657499)

> Hello? Quality Control? Are you there?

This is a huge failure of the Chinese quality control. If they had done everything right, this malware would have gone undetected.


--
All that is necessary for Apple to triumph is for Google men to do nothing.

You say malware... (3, Interesting)

samazon (2601193) | about 2 years ago | (#39649841)

The lack of detail regarding the malware (I keep typing maleware for some reason?) makes me want to jump to conclusions. The most fun one has to do with a bored programming intern and pornography, the least interesting is "they screwed something up and are blaming it on someone else."

likely the system that loads the image has malware (2)

Joe_Dragon (2206452) | about 2 years ago | (#39649907)

likely the system that loads the image has malware on it and it loads a FAT file system and it's running Windows with malware that auto-copies and installs itself to any disk that it sees

Not to double post... (4, Informative)

samazon (2601193) | about 2 years ago | (#39649871)

"The flash card wouldn't do anything on the switch itself but "reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity," HP warned in a bulletin issued on Tuesday." http://www.theregister.co.uk/2012/04/11/hp_ships_malware_cards_with_switches_oops/ I think is a LOT more concise and explanatory of the issue.

Re:Not to double post... (1)

quarmar (125648) | about 2 years ago | (#39650101)

The switches probably run Linux internally, so the malware wasn't noticed by QA. Take the card out of a switch and stick it in your Windows PC, and the issue surfaces.

Re:Not to double post... (0)

Anonymous Coward | about 2 years ago | (#39650471)

Probably their whole QA department has the virus though. ;-)

Re:Not to double post... (0)

Anonymous Coward | about 2 years ago | (#39651369)

Yeah, I hear it's Ubuntu-like, the linux on there. Ciscos run something closer to RH-like (or openwrt-like), I hear, and the HPs run linux. It's taken the whole RH-vs-Debian rivalry to a whole new level at the sweatshop.

Re:Not to double post... (2, Informative)

Anonymous Coward | about 2 years ago | (#39654025)

Dude. I work at HP. That firmware has been in use since at least the mid '90s. I can tell you for a fact that it runs Slackware.

Re:Not to double post... (0)

Anonymous Coward | about 2 years ago | (#39655067)

Not wanting to ruin the buzz, I strongly believe that my ProCurve runs eCos (http://en.wikipedia.org/wiki/ECos) with of course something on top.

Re:Not to double post... (1)

Sponge Bath (413667) | about 2 years ago | (#39650435)

So the HP warning supposes:
1. Average Joe employee has physical access to the switches.
2. AJ will be motivated to make off with a component from the switches.
3. AJ will happily stick the purloined part into a Windows PC.
4. The Windows PC will auto play the contents.

That sounds about right.

Re:Not to double post... (1)

jaymemaurice (2024752) | about 2 years ago | (#39655521)

I could see some IT guy sticking the flash card into a win2k or XP machine to duplicate it onto another card. Maybe an old laptop that they kept buried in a drawer in their datacenter because it has a serial port...

How much does that cost? (4, Funny)

it0 (567968) | about 2 years ago | (#39649889)

Malware sure is expensive these days!

Remember kids, the best things in life are for free

Blame - Let Me Guess ( Score: +5, PatRIOTic ) (-1)

Anonymous Coward | about 2 years ago | (#39649901)

North Korea?

Yours In Beijing,
K. Trout, C.T.O.

The future looks grim (0)

Anonymous Coward | about 2 years ago | (#39649961)

In the future, what's to stop China from controlling everyone's infrastructure if we rely on them to manufacture everything?

Re:The future looks grim (1)

couchslug (175151) | about 2 years ago | (#39650287)

The fact they don't want to kill their host.

Re:The future looks grim (1)

drnb (2434720) | about 2 years ago | (#39650547)

> In the future, what's to stop China from controlling everyone's infrastructure if we rely on them to manufacture everything?

> The fact they don't want to kill their host.

Wrong analogy. Replace "host" with "goose that laid the golden egg". The goose is expendable and/or replaceable.

Re:The future looks grim (1)

AlienIntelligence (1184493) | about 2 years ago | (#39661353)

> Wrong analogy. Replace "host" with "goose that laid the golden egg". The goose is expendable and/or replaceable.

Citation Please.

-AI

Increase in bashed-in heads seen in hospitals.... (3, Interesting)

rts008 (812749) | about 2 years ago | (#39650031)

I have admiration and sympathy for IT shops that truly try to set up and maintain a secure, productive network. At times, it must seem that EVERYONE and everything are working against you, and you're just bashing your head against a wall.

A ready made, turn-key botnet slave in a box, direct from your hardware vendor! Oh Joy! ;-)

Re:Increase in bashed-in heads seen in hospitals.. (1)

Anonymous Coward | about 2 years ago | (#39650523)

> A ready made, turn-key botnet slave in a box, direct from your hardware vendor! Oh Joy! ;-)

RTFA or do not post. It was a freaking cheapo flash card from the pachinko loona electric corp .tw that is the problem. You can bet that HP got them dirt cheap. The switch itself is not the problem as the firmware just reads the MS FAT file system that the flash card uses and no doubt just stores log data and the like on an external flash. I can just as easily put that same infected flash card in my Linux firmware TV or Blu-ray player and not have problems or even stick it into my laptop (which runs Linux) and still not have anything to worry about. However if I stick it into a Windows PC like a default XP reinstall with autorun turned on it is a different story.

The moral of the story is HP is cheap and once again they are reselling product from sources that they should more closely monitor. After all it is the responsibility of HP, Dell, IBM, Lenovo and all the manufacturers that sell systems to make sure that Windows systems are safe... not Microsoft ;-) The very fact that malware like this still exists and can infect a system tells me that the more old Windows XP systems that get infected the happier Microsoft is.

Re:Increase in bashed-in heads seen in hospitals.. (2)

fuzzyfuzzyfungus (1223518) | about 2 years ago | (#39652661)

Honestly, I'd be more worried about the fact that my not-at-all-cheap (and in many environments, not redundant, except at key points, definitely not for individual workstations) switches are booting from a dirt cheap flash card that's had its image loaded with verification so lousy that it missed the viral payload...

I've had a fair number of cheap and nasty flash cards die on me, and that'd be a whole lot more annoying if there were a few grand worth of switch wrapped around the card when it happened (though I can say from personal 'dding-a-working-card-onto-a-CF-card-from-Staples-to-replace-the-boot-medium-of-$3k-worth-of-Alcatel' experience that HP is hardly the only one that does it).

Re:Increase in bashed-in heads seen in hospitals.. (1)

jaymemaurice (2024752) | about 2 years ago | (#39655553)

I would have thought part of the manufacturing process would have been dd-ing the card with a fresh layout... forget they are cheap cards - electronic parts are cheap, especially in wholesale and the fact your Alcatel/Cisco/Procurve hardware probably got their $.00001 resistors and surface mount diodes from the same place. ... nothing should have survived the write / verify of the media during their final manufacturing/QA process.
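The write-then-verify step the comment above asks for, as an added example (not HP's process and not code from this thread): it hashes a known-good golden image directory and diffs a card against it, so a stray file shows up as "extra". All file names and contents are constructed for the demo.

```python
"""Manifest check for a removable boot medium (added example, not HP's process).
Builds a SHA-256 manifest of a known-good "golden" image directory, then compares
a card's contents against it and reports extra, missing and modified files.
All paths, file names and contents below are constructed for the demo."""
import hashlib
import os
import tempfile

def sha256_file(path):
    """Stream a file through SHA-256 so a large card image need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map every relative file path under root to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def verify_card(golden_manifest, card_root):
    """Compare a card against the golden manifest. A planted payload shows up
    under 'extra': a file the golden image never contained."""
    found = build_manifest(card_root)
    return {
        "extra": sorted(set(found) - set(golden_manifest)),
        "missing": sorted(set(golden_manifest) - set(found)),
        "modified": sorted(p for p in found
                           if p in golden_manifest and found[p] != golden_manifest[p]),
    }

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed sample: a golden image, and a card carrying one stray file
    plus one altered config file. Returns the verify_card() report."""
    with tempfile.TemporaryDirectory() as golden, tempfile.TemporaryDirectory() as card:
        for root in (golden, card):
            _write(root, "image/primary.bin", b"constructed firmware bytes")
        _write(golden, "cfg/startup.cfg", b"hostname sw1\n")
        _write(card, "cfg/startup.cfg", b"hostname sw1-changed\n")
        _write(card, "autorun.inf", b"[autorun]\n")  # stray file, not in the golden set
        return verify_card(build_manifest(golden), card)
```

Run against a mounted card and the golden directory on the imaging host; a non-empty "extra" list is the condition a final QA step should fail on.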

Re:Increase in bashed-in heads seen in hospitals.. (1)

rts008 (812749) | about 2 years ago | (#39666195)

> RTFA or do not post. It was a freaking cheapo flash card from the pachinko loona electric corp .tw that is the problem.

Well, I did RTFA.

So, are you saying that a flash card is not part of the hardware? Is the card software or firmware, or is it actually a piece of hardware?
Did not HP supply this 'cheapo flash card' with the switch?

So, really, just what is your objection to my comment?

Increase your level of education and improve your reading comprehension to at least a high-school level, or do not post. ;-)

Re:Increase in bashed-in heads seen in hospitals.. (1)

cosm (1072588) | about 2 years ago | (#39654121)

> A ready made, turn-key botnet slave in a box, direct from your hardware vendor! Oh Joy! ;-)

If you had made last Tuesday's 2:30 you'd have known that this is a new solution from our vendor to provide ubiquitous control and synergistic integration!

Not a problem (0)

Anonymous Coward | about 2 years ago | (#39650129)

HP, GE, Dell, Apple, etc. join the list of companies like IBM. IBM showed once before that profits go ahead of morals or loyalty. And it continues to this day.

Not sure what's worse... (1)

papasui (567265) | about 2 years ago | (#39650913)

having your machines infected with the virus or having spent money on a HP layer 3 switch.

Re:Not sure what's worse... (0)

Anonymous Coward | about 2 years ago | (#39652591)

What's wrong with HP L3 switches? I maintain a few 8212zls, and have no issues with them.

Re:Not sure what's worse... (1)

jaymemaurice (2024752) | about 2 years ago | (#39655579)

My experience with ProCurves must have been very different from yours. You must not be doing multicast, care when the switch decides not to switch packets, or when the switch keeps forgetting its CAM table. You also must not be changing VLANs through SNMP, have a large number of VLANs, or enjoy a proper CLI.
For the price, you should be able to get better gear.

Re:Not sure what's worse... (0)

Anonymous Coward | about 2 years ago | (#39666031)

We use multicast. I haven't struck any of the issues you mentioned, but we only have static VLANs, and there's only about 35 of them. What are the symptoms when your gear forgets the cam table, unicast becoming broadcast?

I like the CLI - it's way more intuitive than the 3Com crap we used to use.

Re:Not sure what's worse... (1)

DigiShaman (671371) | about 2 years ago | (#39654081)

HP ProCurve switches are among the best the industry has to offer. Not all gigabit switches are the same. Reliability, warranty, support, and internal throughput are all important aspects when choosing a switch.

Re:Not sure what's worse... (1)

cbope (130292) | about 2 years ago | (#39654445)

I run a 16-port Gigabit HP ProCurve switch at home, because I was tired of the crappy quality of consumer-level, "disposable" switches. It's built like a tank and has throughput numbers far higher than consumer-level gear, plus I don't need to worry about either the switch failing after 1.5 years of 24/7 operation, like consumer gear. I have had failures from every major consumer brand of switch or router over the past 12 years or so, D-Link, Netgear, Linksys, etc. I expect my HP switch to last at least 10 years if not longer.

Unlike their computer division, HP's networking division still makes quality gear. Too bad they will get some bad press for this, although I can see how something like this can happen as it appears the virus is Windows-based and would not be detected during switch manufacturing, unless the switch was running embedded Windows. I would almost bet it's a supplier infection, where the CF cards were tested or programmed on an infected Windows machine and then shipped to HP.

3 CEOs in as many years (1)

gelfling (6534) | about 2 years ago | (#39650937)

How's that working out? Hewlett and Packard would cry if they came back to see what you've done to their baby.

Is there... (0)

Anonymous Coward | about 2 years ago | (#39653235)

Anything HP can't fuck up?

..which has been a hot topic as of late (ER-UM-AY) (0)

Anonymous Coward | about 2 years ago | (#39653963)

This, ladies and germs, is a sure indicator that the person or persons in question, herewithto notwithstanding bridal cardiac infarctions, under penalty of perjurious law and tort, is none other than a cliché-ridden Freudian-angst suffering closet homosexual transvestite. Like Taco. Where is Taco? I miss my Taco.

And if OJ can get, so can this guy, ay Judge Judy-Ito?
