Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Exploit Found to Brick Most HP and Compaq Laptops

Soulskill posted more than 6 years ago | from the cool-looking-paperweight dept.

Security 294

Ian Lamont writes "A security researcher calling himself porkythepig has published attack code that can supposedly brick most HP and Compaq laptops. The exploit uses an ActiveX control in HP's Software Update. It would 'let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection.' The same researcher last week outlined a batch of additional vulnerabilities in HP and Compaq laptops, for which HP later issued patches."

cancel ×

294 comments

Two points about the article's headline. (5, Informative)

Whiney Mac Fanboy (963289) | more than 6 years ago | (#21773652)

Two points about the article's headline:

1) The linked article does not describe a successful bricking. You can pop in your recovery CD & away you go.

2) This is a software problem, not a hardware problem. I doubt this exploit is going to work on my (old & crappy) HP sempron laptop, seeing as its dual booting Debian & OS X.

A better headline would be "Exploit found in HP update software" - but I guess that's just not that ad-revenue generating.

Re:Two points about the article's headline. (5, Informative)

Ignorant Aardvark (632408) | more than 6 years ago | (#21773696)

It's annoying how the word brick has lost all meaning recently. If this exploit actually allowed bricking that would be huge news. But it doesn't. A computer that merely needs its OS repaired/reinstalled is not bricked. Slashdot editors, please figure that out already.

Re:Two points about the article's headline. (4, Funny)

smitty_one_each (243267) | more than 6 years ago | (#21774030)

All in all, it was just a brick in the wall.

Re:Two points about the article's headline. (1, Flamebait)

I_Heat_Sexylaid (675028) | more than 6 years ago | (#21774252)

This Fink Ployd refenrece was fnuny how?

retards like puns. (0)

Anonymous Coward | more than 6 years ago | (#21774288)

not much else to it.

Re:Two points about the article's headline. (4, Funny)

caluml (551744) | more than 6 years ago | (#21774482)

fe1 ~ # echo Brick! | wall

Broadcast message from root (Fri Dec 21 02:16:49 2007):

Brick!
fe1 ~ #
Wonder what any users on there will think?

Re:Two points about the article's headline. (1, Troll)

urcreepyneighbor (1171755) | more than 6 years ago | (#21774100)

It's annoying how the word brick has lost all meaning recently.
Blame the Apple fanbois and their overpriced, crappy iPhones. Seriously.

Re:Two points about the article's headline. (1)

Thansal (999464) | more than 6 years ago | (#21774228)

Honestly, bricking has NOT lost any connotation, this is just a poorly worded headline.

hell, only reason I clicked it was "DAMN, and exploit that will fry a laptop completely?!"

Then I read that it simply messes up some Windows files....

Re:Two points about the article's headline. (5, Informative)

MorpheousMarty (1094907) | more than 6 years ago | (#21774382)

Damn straight, I'm glad you got the comment in early. Bricking is one of the last pure computing terms around. Memory, CPU, Operating System, code, hack, have all come to mean a lot of things, but bricking still has specific meaning. If you can do anything at all to the device without touching the hardware to make it run again it is not bricked. Even if it voids the warranty. Please please please don't confuse the meaning, bricking is game over, everything else is everything else.

Re:Two points about the article's headline. (1)

tepples (727027) | more than 6 years ago | (#21773832)

You can pop in your recovery CD & away you go.
But do these computers come with a recovery CD, or just a recovery partition? I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it.

Re:Two points about the article's headline. (1)

Carnildo (712617) | more than 6 years ago | (#21773912)

I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it.


Every Compaq recovery CD I've encountered has been the "format and reinstall" sort.

Re:Two points about the article's headline. (0)

Anonymous Coward | more than 6 years ago | (#21774142)

but the point still stands that the hardware isn't bricked, it'll still boot and work like it's supposed to as long as it has a non-corrupted operating system. If you wiped it out, bunged linus & apache on it and just left it on (mains powered) 24/7 as a webserver, it would work just as well as an identical laptop which hadn't suffered from this exploit.

Re:Two points about the article's headline. (5, Insightful)

Nosklo (815041) | more than 6 years ago | (#21774314)

But do these computers come with a recovery CD, or just a recovery partition? I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it.
The point is, if you can use the computer after the exploit, it is not a brick, so it is not *bricked*. If you lost your documents or not has nothing to do with it.

Re:Two points about the article's headline. (1)

sgbett (739519) | more than 6 years ago | (#21774510)

amen

nuked != bricked

Re:Two points about the article's headline. (4, Informative)

multisync (218450) | more than 6 years ago | (#21774316)

I've also read about recovery CDs that entirely reformat the computer's hard drive, taking My Documents with it.


Popping the hard drive in to one of those USB enclosures and copying your data files onto another machine before running the recovery CD looks after that. The summary says the exploit just corrupts Windows' kernel files. Assuming it doesn't do anything further to make your data unreadable, there is no reason to lose any data.

Re:Two points about the article's headline. (1)

tepples (727027) | more than 6 years ago | (#21774446)

Granted about the documents.

The summary says the exploit just corrupts Windows' kernel files.
So how does the owner of a PC that did not come with a recovery CD get the kernel file back?

Re:Two points about the article's headline. (1)

frup (998325) | more than 6 years ago | (#21774556)

or a Linux live CD with NTFS rw could do some good, especially if you have decent backup options.

Re:Two points about the article's headline. (1)

Joe The Dragon (967727) | more than 6 years ago | (#21773894)

you maybe able to use the same vulnerabilities to install a bad bios flash.

Re:Two points about the article's headline. (1)

calebt3 (1098475) | more than 6 years ago | (#21773956)

You'd think they would have said so.

Re:Two points about the article's headline. (-1, Redundant)

RobertM1968 (951074) | more than 6 years ago | (#21774088)

Here goes my karma...

It would 'let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection.'

3) Running Windows for too long accomplish the same thing...

4) See number 2 above in PP.

5) How is this news when there are exploits out there that do this on any flavor of Windows regardless of the hardware? Why waste time writing an exploit for a specific laptop series when you can write one that doesn't care what laptop or desktop it is - as long as it is running Windows? Yeah... every OS has it's flaws, but MS makes it SOOOO easy.

6) There goes my karma!

Re:Two points about the article's headline. (1)

dave562 (969951) | more than 6 years ago | (#21774280)

It's news because there aren't exploits that do this on any flavor of Windows. The article states that it exploits a flaw in HP software running under Windows. That's kind of like saying that an exploit in PHP makes Apache insecure.

Re:Two points about the article's headline. (4, Interesting)

abigor (540274) | more than 6 years ago | (#21774102)

Apologies for the possibly stupid question, but how are you booting OS X on an HP laptop?

Re:Two points about the article's headline. (3, Informative)

HAKdragon (193605) | more than 6 years ago | (#21774358)

He's probably running a hacked version of the Intel release of OSX. See http://wiki.osx86project.org/ [osx86project.org] for more info.

Re:Two points about the article's headline. (5, Informative)

Ian Lamont (1116549) | more than 6 years ago | (#21774174)

The original headline I submitted was: Researcher lists new HP/Compaq laptop exploits Not too far from your suggestion ...

Re:Two points about the article's headline. (0)

Anonymous Coward | more than 6 years ago | (#21774292)

1) The linked article does not describe a successful bricking. You can pop in your recovery CD & away you go.

The laptops were "Bushed"

Desktops? (0)

DAldredge (2353) | more than 6 years ago | (#21773656)

Does this apply to any of the HP desktop line?

According to my sources... (5, Funny)

Spy der Mann (805235) | more than 6 years ago | (#21773664)

there's a patch available, but it involves penguins ;-)

Donate how much to Wine? (0)

tepples (727027) | more than 6 years ago | (#21773870)

there's a patch available, but it involves penguins ;-)
But can the patch that involves penguins run the application that the user bought the laptop to run?

Fight Microsoft. Donate to WINE.
For the price of donating enough money Wine to pay a programmer to implement complete support for the application, one could buy several copies of genuine Windows Vista Ultimate.

Re:Donate how much to Wine? (4, Insightful)

Carnildo (712617) | more than 6 years ago | (#21773950)

For the price of donating enough money Wine to pay a programmer to implement complete support for the application, one could buy several copies of genuine Windows Vista Ultimate.


For the cost of a thousand copies of Vista Business, you could pay Wine programmers to support every app your company uses.

Re:Donate how much to Wine? (5, Insightful)

Jeremiah Cornelius (137) | more than 6 years ago | (#21774384)

For a fraction of the investment, support the development of POSIX portable apps, and dump the platforms which don't have POSIX calls and portable libraries.

Re:According to my sources... (5, Funny)

alx5000 (896642) | more than 6 years ago | (#21774020)

Linux. The OS even bricks can run.

Re:According to my sources... (1)

afidel (530433) | more than 6 years ago | (#21774104)

There's a patch available and it's called a volume license key disk. I NEVER use the factory default image which is why I can't support Sony Vaio's despite the fact that I like the hardware, they don't provide a way of taking a VLK disk and getting a working machines you HAVE to install from the recovery disk.

Re:According to my sources... (1)

GaryOlson (737642) | more than 6 years ago | (#21774300)

...I can't support Sony Vaio's despite the fact that I like the hardware, they don't provide a way of taking a VLK disk and getting a working machine
You can't extract the drivers from the reinstallation CD and create a bootable installation with nlite/WindowsPE/other tool? Just curious...I usually discourage Sony purchases because of their horrible depot repair.

Re:According to my sources... (1)

afidel (530433) | more than 6 years ago | (#21774392)

Not that I've been able to deduce, it's almost like they load a freaking alternate HAL or something, Sony support had been worthless so I told the C level person that wanted it that I would be happy to add it to the domain but that I couldn't offer any support beyond that. After some sideways glances my way I explained in plain English why I couldn't support it and offered to find an HP with similar features. He ended up with an HP with a high res, high contrast display that worked with a slightly tweaked version of our standard image. It was about 8oz heavier than the Sony but otherwise pretty comparable.

Argh (4, Informative)

obeythefist (719316) | more than 6 years ago | (#21773670)

This is NOT bricking. The OS is simply disabled and can be reinstalled/system repaired whatever.

Bricking means rendering the device completely inert and beyond normal repair methods.

Re:Argh (2, Interesting)

a_nonamiss (743253) | more than 6 years ago | (#21773756)

In theory, the exploit could probably be used to flash a bad BIOS image or something, so maybe the headline is possible if not entirely correct...

Re:Argh (4, Interesting)

obeythefist (719316) | more than 6 years ago | (#21773924)

Ahh, it's not at all, that reminds me of the old joke:

A couple goes on vacation to a fishing resort. The husband likes to fish at the crack of dawn. The wife likes to read. One morning the husband returns after several hours of fishing and decides to take a short nap. Although she isn't familiar with the lake, the wife decides to take the boat. She motors out a short distance, anchors, and continues to read her book. Along comes the game warden in his boat. He pulls up alongside her and says,"Good morning, Ma'am, what are you doing?" "Reading my book," she replies, thinking isn't that obvious? "You're in a restricted fishing area," he informs her. "But officer, I'm not fishing. Can't you see that?" "Yes, but you have all the equipment. I'll have to take you in and write you up." "If you do that, I'll have to charge you with rape," says the woman. "But I haven't even touched you," says the game warden. "That's true, but you do have all the equipment."

The capability does not equal the crime, thankfully, so while you might put the laptop in a position it's brickable, it's not. Also, with dual bios's, bricking something like a laptop requires quite a bit of effort!

Re:Argh (2, Insightful)

AbRASiON (589899) | more than 6 years ago | (#21773860)

Exactly- this word has run its course, too many dipshits don't know how to use it.

Only way to repair a bricked item is for the manufacturer to repair it or some kind of emergency flash for example - like that old virus long ago which took out the ABIT BH6 boards bios.

Re:Argh (1)

obeythefist (719316) | more than 6 years ago | (#21773970)

Although, I must say, if there are people who really believe that because the OS doesn't boot, it's bricked, I would be happy to take those nasty old bricks off their hands and, err, "dispose" of them safely. Really.

Re:Argh (1)

dbIII (701233) | more than 6 years ago | (#21774440)

It's is brick for a given value of brick - just as the writer is the Pope for a given value of Pope since he went to Sunday School as a child. Relax and remember that people that learned to wread under Raygun like to make up their own meanings for terms like operating system etc.

Perhaps (3, Informative)

Zebra_X (13249) | more than 6 years ago | (#21773698)

We should revisit what "Brick" *actually* means: "When used in reference to electronics, "brick" describes a device that cannot function in any capacity (such as a machine with damaged firmware)." (Wikipedia)

Lately several submissions have used this term incorrectly. Come on, we're supposed to be nerds, not Cringely.

More correctly.... (1)

EmbeddedJanitor (597831) | more than 6 years ago | (#21773986)

A "brick" is a device that cannot be resored to original functionality. There is a difference.

Many/most devices have a "low level monitor" that supports reflashing the firmware. If that low level monitor gets hosed then you have a big problem (break out the JTAG cables etc).

Of course technical terms get bandied about by pseudo-nerds which does confuse things.

!BRICK FFS (5, Insightful)

caitsith01 (606117) | more than 6 years ago | (#21773700)

Corrupting a Windows install does NOT BRICK A GOD DAMNED LAPTOP. You can reinstall Windows and it will work. Therefore it is not a brick, it is not bricked, it has no aspect of brickishness, not even a hint of brickening.

What the HELL is wrong with you morons??? Do you even read Slashdot discussions? This has been pointed out over and over and over again.

Bricking involves killing something dead in such a way that it becomes, in effect, an expensive paperweight or 'brick' if you will. As you are clearly retarded, let me explain that a 'brick' is typically a rectangular piece of clay or similar material hardened in a furnace and used to construct buildings and other structures, and usually has no functionality beyond this. Unlike the device in this story, reinstalling Windows on an actual brick will not lead to increased capabilities.

Re:!BRICK FFS (5, Funny)

Anonymous Coward | more than 6 years ago | (#21773744)

Corrupting a Windows install does NOT BRICK A GOD DAMNED LAPTOP.

If it did, then Windows would be considered self-bricking.

Re:!BRICK FFS (1)

arotenbe (1203922) | more than 6 years ago | (#21773830)

Unlike the device in this story, reinstalling Windows on an actual brick will not lead to increased capabilities.
Don't you see? Installing Windows on anything will lead to decreased capabilities.

Re:!BRICK FFS (3, Funny)

machine of god (569301) | more than 6 years ago | (#21773854)

No, no, it does. It's, uh, you need a new one. So just, you interested in selling that one? You know... for parts?

Re:!BRICK FFS (2, Funny)

eu4ik (103529) | more than 6 years ago | (#21774014)

"...a 'brick' is typically a rectangular piece of clay or similar material hardened in a furnace and used to construct buildings and other structures, and usually has no functionality beyond this"

Close. Don't forget that a half brick in a sock makes a very effective weapon to use against, oh, let's say Slashdot editors who don't know the meaning of "brick".

In that respect, a truly "bricked" laptop is probably even less useful than a real brick. Too big to fit in most socks...

:)

Re:!BRICK FFS (3, Funny)

geminidomino (614729) | more than 6 years ago | (#21774070)

In that respect, a truly "bricked" laptop is probably even less useful than a real brick. Too big to fit in most socks...

:)
There's a patch for that. A pillow case

Re:!BRICK FFS (1)

knarf (34928) | more than 6 years ago | (#21774076)

Hmmm...

There does not seem to be that much difference between a laptop and a brick given that (re)installing Windows on either does not lead to increased capabilities... :-)

Re:!BRICK FFS (0)

Anonymous Coward | more than 6 years ago | (#21774160)

"reinstalling Windows on an actual brick will not lead to increased capabilities."

Neither will installing it on any computing device, IMHO :p

Re:!BRICK FFS (5, Funny)

JK_the_Slacker (1175625) | more than 6 years ago | (#21774190)

I beg to differ. I've seen bricks used as paperweights, doorstops, melee weapons, missiles, jackstands, stepping stools, water-saving devices, exercise equipment, depth probes, counterweights, tourist attractions, ballast, keyless entry devices, cookware, heating elements, hammers...

I will not have you slandering the name of the noble and versatile brick!

Re:!BRICK FFS (1)

defro (857858) | more than 6 years ago | (#21774464)

"brickishness" Classic. Probably the first /. article comment that has made me laugh. Nice work.

Meaning of "brick" (0, Redundant)

Anonymous Coward | more than 6 years ago | (#21773704)

When did "brick" stop meaning that the device was rendered utterly useless forever, and change to mean that the device simply stopped working and needed to be repaired?

Brick? (3, Informative)

wiredlogic (135348) | more than 6 years ago | (#21773706)

Bricking refers to rendering a device inoperable in a more significant way than corrupting data on a hard drive. These machines can still be booted from external media and restored. A truly bricked device would have its firmware corrupted or suffer some sort of damage not easily repaired without specialist tools.

Define "specialist tool" (1)

tepples (727027) | more than 6 years ago | (#21773910)

A truly bricked device would have its firmware corrupted or suffer some sort of damage not easily repaired without specialist tools.
The implications of your statement depend on how you define "specialist tool". One might consider a Windows recovery CD a specialist tool. A lot of PCs don't come with one, instead coming with a recovery partition that a trojan can easily erase once it elevates itself to administrative privileges. Besides, a lot of recovery CDs and recovery partitions will erase all user documents when run, and automated backup is also a specialist tool.

Re:Define "specialist tool" (1)

pizzach (1011925) | more than 6 years ago | (#21774004)

I had the same thought as you, tepples. I suppose in the modern PC world a MS Windows install CD is a specialist's tool. But in the Mac and Linux worlds it's a OMFG they didn't include it!? WTF is wrong with these people!?!?! The cheap bastards!!!!!

Re:Define "specialist tool" (1)

ion.simon.c (1183967) | more than 6 years ago | (#21774236)

Utilizing a "specialist tool" involves procedures that can be performed by neither your average 13-year old, nor a Level-1 technician instructing a customer over the telephone.

Seriously. Hush!

Re:Define "specialist tool" (1)

tepples (727027) | more than 6 years ago | (#21774420)

Utilizing a "specialist tool" involves procedures that can be performed by neither your average 13-year old
My 10-year-old cousin knows some BASIC and some C and would probably be capable of following the Pandora's Battery guide to unbrick a PSP. But then again, I have an above-average 10-year-old in the family.

nor a Level-1 technician instructing a customer over the telephone.
I can't imagine how a Level-1 tech would instruct a user as to how to go buy a copy of Windows to replace the recovery partition that the trojan nuked, or how to go buy an external hard drive and a copy of Knoppix on CD to be able to recover the user's documents before using a reformat/reinstall CD.

Editors: Learn the meaning of words (2, Informative)

MrBud (261721) | more than 6 years ago | (#21773712)

Bricking means to render unbootable with no means of recovery other than sending back to the manufactures. This is usually done through the corruption of the firmware.

BS (2, Informative)

Anonymous Coward | more than 6 years ago | (#21773726)

Corrupt the BIOS = bricked. Corrupting Windows = not bricked.

Bricked? (5, Funny)

T-Bone-T (1048702) | more than 6 years ago | (#21773752)

Did anybody mention that they used "bricked" incorrectly?

Re:Bricked? (1)

mythicknight (986282) | more than 6 years ago | (#21774284)

They did? Damn, thanks for pointing it out.

Line Up! (1)

Major Blud (789630) | more than 6 years ago | (#21773762)

So who wants to be the first to try? ;-)

Not Bricked (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21773782)

WTF? It's not bricked. Simplest example is this little BIOS exploit which will brick anything [dwarfurl.com] [wikipedia.org]

Maybe it's just Arthur vs Ford (1)

Provocateur (133110) | more than 6 years ago | (#21773788)

to paraphrase Mr Dent:

Ah, this is obviously some strange use of the word brick that I wasn't previously aware of.

porkythepig (4, Funny)

RockMFR (1022315) | more than 6 years ago | (#21773806)

It will l-l-l-let an attacker corrupt W-w-w-windows! T-t-t-that's all folks!

From the exploit description (4, Insightful)

The MAZZTer (911996) | more than 6 years ago | (#21773820)

It sounds like the user needs to be using Internet Explorer in order to be vulnerable. I doubt anything happens on Firefox or other browser since there is purposely no ActiveX support there.

Also I note that the exploit description itself never uses the inaccurate word "brick".

Re:From the exploit description (1)

snl2587 (1177409) | more than 6 years ago | (#21774026)

It sounds like the user needs to be using Internet Explorer in order to be vulnerable.

This describes the majority of Windows users.

STOP MISUSING THE TERM "BRICK"!!!!! (0, Redundant)

Anonymous Coward | more than 6 years ago | (#21773822)

When idiots keep misusing the term brick, and then so-called knowledgeable editors of Slashdot reinforce it's usage, it is going against everything that Slashdot is supposed to be about, which is the spreading useful information. "Brick"ing came about from PSP hacking where the entire PSP could no longer be brought up at all, if particular hacks were made to the device. No amount of reinstalling would work, because it just wouldn't turn on, rendering it as useless as a brick.

Making a computer unbootable, is not "brick"ing it. Please. Stop the flow of misinformation and misusing of terms, and do not reinforce its usage.

This is NOT bricking. (0, Redundant)

Anonymous Coward | more than 6 years ago | (#21773824)

This is NOT bricking. Whoever wrote this article description up is clueless. Actually if you look at the technical savvy of the average Slashdot user from 1999 until today you'll see that the technical knowledge has been dropping ever since about 2000. Slashdot users used to be way smarter and more experienced. Nowadays it seems like the average Slashdot user is just some computer hobbiest who runs Ubuntu when in past years Slashdot was full of developers, sysadmins and the like.

Re:This is NOT bricking. (1)

recharged95 (782975) | more than 6 years ago | (#21774286)

Call it the law of averages as the internet gains more mainstream users.

Or call it democracy.

Okay, "bricked" was the wrong word...but! (4, Interesting)

erroneus (253617) | more than 6 years ago | (#21773844)

The story is yet another illustration of how dangerous ActiveX is. This is not the first example and it probably won't be the last. So many other things depend on or otherwise utilize activex... some are highly security sensitive like in the case of ADP. I cannot understand why, after all these years of examples why Microsoft hasn't recalled the use of the technology as inherently dangerous. But really, it's worse than that. It breaks the premise of the web. The use of the web is not supposed to be limited to a certain hardware specification under a certain software configuration... this is irrelevant, of course, to the dangers pushed upon the users who are often required to use it.

Re:Okay, "bricked" was the wrong word...but! (1)

Jugalator (259273) | more than 6 years ago | (#21774122)

That's why IE has ActiveX disabled by default nowadays. If enabled, then yes, it acts like any other executable file running under your user privilegies.

Agree with both points. (4, Interesting)

argent (18001) | more than 6 years ago | (#21774266)

1) Bricked is the wrong word.

2) This hilights the dangers of any holes in a sandbox. The only secure way to design a sandbox is for there to be no mechanism from inside the sandbox to request access outside it... whether by installing a plugin, executing an external application, or otherwise elevating privileges. Even if the request is normally denied, the existince of that mechanism itself creates a new class of attacks.

The corollary to point two is that ActiveX is not just a security hole, it's a different *kind* of security hole.

On the other hand, all three of the most common browsers have a mechanism to request access outside the sandbox. None of them are as bad as ActiveX, but they're all unnecessary.

* Any browser on Windows is subject to URI quoting attacks on helper applications, due to the lack of a guaranteed quote-safe command line and the use of a single set of helper bindings for trusted and untrusted sources.

* LaunchServices on OS X duplicates the second problem as well.

* Firefox and Safari both allow web pages to request plugins be installed: XPI in Firefox and Dashboard plugins in Safari on OSX. They both wrap these interfaces in multiple levels of "approval dialogs", but my experience is that there are too many people who can be relied upon to eventually hit "go ahead and infect me" by reflex.

* Safari and Internet Explorer can both be made to, with various amounts of approval dialogs, open downloaded documents automatically. Safari used to do this by default but thankfully it's now an option... but really that capability should not be there at all.

None of these holes in the sandbox actually make things more convenient for users. They look like they might, but it's actually easier to download a document or a plugin and than (as a separate step) request that it be opened or installed from a file browser or from a download manager, because making the operation asynchronous and deliberate like that means you don't have to go crazy with approval dialogs, because you're not running the risk of an unexpected dialog coming up for a user with an itchy mouse button...

Re:Okay, "bricked" was the wrong word...but! (1)

CastrTroy (595695) | more than 6 years ago | (#21774394)

What I want to know is, what makes the hack so specific to HP/Compaq laptops? Couldn't the ActiveXploit be used on just about any computer to render it unbootable?

This is why we make our own clone-images (1)

toadlife (301863) | more than 6 years ago | (#21773898)

We have some of the affected models here at work, but I make my own clone images sans the HP crapware.

Re:This is why we make our own clone-images (1)

Tastecicles (1153671) | more than 6 years ago | (#21774150)

I make mine on Dell notebooks. One, because they're far more reliable and rugged (in five years' tech support I've repaired HP/Compaq, Toshiba, Lenovo, NEC/Packard Bell, Fujitsu-Siemens, Panasonic, Samsung, Acer, Clevo, you name it, I've done dozens of models of several major brands. However, I have only ever had to repair three Dell notebooks in the entire time. One of those was mine. I was a bit careless with a BB gun and shot the screen. One had a new processor after the HSF failed and "bricked" the old one, after which it worked perfectly, and the third was also mine, which had a drink of fresh hot strong syrupy coffee and survived.

The number of other badges that didn't survive me is shocking. Most times it's down to ventilation. Clevo are the worst for heat-bricking. Toshiba are the worst for the power socket getting so hot they literally fall off the board.

Two, because the tech support from Dell is amazing (you got to know how to talk to these guys). All my Dell notebooks (11 of) are on Gold plan. [shameless plug for Dell extended tech support plans].

Re:This is why we make our own clone-images (1)

dave562 (969951) | more than 6 years ago | (#21774324)

[shameless plug for Dell extended tech support plans].

I think the same can be said for most vendors extended tech support. If you are willing to pay the extra money for better support they are really going to give you better support. At least that has been my experience with Compaq/HP.

If you removed the crap.. (2, Insightful)

GregPK (991973) | more than 6 years ago | (#21774066)

If you removed the crapware that HP sent out with it.. You'll be fine.. Just takes like 3 or 4 hours to do it all though... Extremely annoying...

Re:If you removed the crap.. (1)

quarrel (194077) | more than 6 years ago | (#21774196)

3-4 hours? You should get faster drives. Mine format much quicker.

--Q

Re:If you removed the crap.. (1)

Kankraka (936176) | more than 6 years ago | (#21774506)

And you're not even kidding. It takes less time to use your exiting XP home/pro cd to install windows, and just download the drivers you need from HP's site than it does to take to restore the HDD image from -3- DVD's. Besides, they bundle wild tangent products in their install, so, I tossed that install the instant I bought an HP. It now dual boots XP Pro and Ubuntu 7.10 64bit. Quite pleased with the machine, except the LCD panel is pretty shoddy and filled with dead pixels through light wear.

Deal with it (0, Redundant)

geekoid (135745) | more than 6 years ago | (#21774082)

"Brick" will be used incorrectly, and it's meaning has changed. Don't waste time fighting it, we have lost. Just like 'Hacker' or a billion other phrases the media has misused.

Really, you're time is more valuable then that.

Re:Deal with it (1)

peektwice (726616) | more than 6 years ago | (#21774132)

As far as I'm concerned, if it has Windows installed on it from the factory, it's already bricked.

Re:Deal with it (2, Insightful)

Tony Hoyle (11698) | more than 6 years ago | (#21774172)

It's a fairly recent phenomenon.. like the iphone 'brick' that wasn't a brick at all but the press seemed to pick up on the word even though they have no idea what it means (if anyone really thinks their iphone is bricked I'm quite happy to dispose of it for them, for a fee of course).

Most people still use the term correctly.. but the press through their damned stupid ignorance is determined to change that. Slashdot should not be one of the sites doing it.. they're supposed to know better.

Re:Deal with it (1)

myz24 (256948) | more than 6 years ago | (#21774454)

I'm with ya, I call it the diluting the english language. People are always screwing up words and adding new meanings to them in such away as to destroy the original meaning.

Re:Deal with it (1)

Disfnord (1077111) | more than 6 years ago | (#21774398)

"It's" will be used incorrectly, and it's meaning has changed. Don't waste time fighting it, we have lost. Just like 'Hacker' or a billion other phrases the media has misused. Really, you're time is more valuable then that. or... "You're" will be used incorrectly, and it's meaning has changed. Don't waste time fighting it, we have lost. Just like 'Hacker' or a billion other phrases the media has misused. Really, you're time is more valuable then that. etc.

Re:Deal with it (2, Funny)

haakondahl (893488) | more than 6 years ago | (#21774408)

You forgot your </sarc> tag~

Despite this abusive news.. (1)

miknix (1047580) | more than 6 years ago | (#21774166)

.. I own a HP pavilion dv6535ep brick and it runs Linux [dot] [newline]

Supposing that I'm using windows, I don't really think that I would be running HP software crap.. [dot] [newline]



What's the story?

"bricking" (0, Redundant)

m2943 (1140797) | more than 6 years ago | (#21774200)

"Bricking" a device means destroying hardware or destroying firmware in a way that cannot be recovered.

Merely destroying a Windows installation is not "bricking" a machine; Windows needs to be reinstalled from time to time anyway.

I've known about this for years... (1)

PockyBum522 (1025001) | more than 6 years ago | (#21774260)

..But I didn't know "Plugging it in and using it" was considered an exploit.

Next time (-1, Redundant)

CompMD (522020) | more than 6 years ago | (#21774302)

The next time a person improperly uses the verb "brick" I will teach them the real meaning by bricking them. Yes, smashing someone in the noggin with a brick is in fact "bricking" a human.

Big deal... (0, Flamebait)

Howard Beale (92386) | more than 6 years ago | (#21774308)

HP/Compaq ships new laptops bricked. They call it 'Preinstalled with Windows Vista'.

A slight correction (1)

Frosty Piss (770223) | more than 6 years ago | (#21774328)

A security researcher calling himself porkythepig...
OK, let's be honest here. Competent Slashdot "editors" could have made these corrections...

An irresponsible hacker calling himself porkythepig...

Again... (0)

Anonymous Coward | more than 6 years ago | (#21774344)

People who submit articles to Slashdot need to learn what the fuck "Brick" means.

Yes billy, if you can reload windows and use the machine again, it's not a brick.

From Ye old Urban Dictionary:
Brick
As verb: to brick something.
This is the action of rendering any small-medium size electronic device useless.
This can happen whilst changing the firmware, soldering or any other process
involving either hardware of software.

ex: I bricked my mobile phone when I tried to install Linux on it.

A theory... (5, Interesting)

jbwolfe (241413) | more than 6 years ago | (#21774386)

...I must propose that Slashdot editors are involved in a conspiracy. To wit: In the past few months or so, we have had at least three submissions that have incorrectly used the term "brick" to describe a problem with typically simple solutions- distinctly not problems without solution. Anyone interested enough to submit an article to Slashdot would know the meaning of the term. Therefore, the only explanation is that the editors are cultivating the submissions in a way calculated to stimulate numerous off topic posts highlighting the improper use of the term, in turn increasing the traffic in order to generate add revenue. What's the definition of troll?

My Theory (1)

riffzifnab (449869) | more than 6 years ago | (#21774478)

Now news sources are just trolling /.

brick is the buzzword of today (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21774496)

for as much as most slashdorks try to act like they're not part of the buzzword laden world of corporate technology you fucks know how to beat them to death like a prospector's mule.
 
and about 80% of you obviously don't know what most of those buzzwords mean as you use them incorrectly.
 
and you're the same fags who think that you're above joe sixpack. methinks that you guys are just a bunch of star wars geeks who want to appear hip. you fail it. bitches.

Tell me why... (1)

westlake (615356) | more than 6 years ago | (#21774516)

Tell me why a legitimate "security researcher" calls himself "porky the pig." Tell me why I should trust anything he says.

Irene Demova Virus (1)

Megane (129182) | more than 6 years ago | (#21774538)

Well, at least that explains how the Irene Demova Virus [wordpress.com] could affect only a single brand of laptop. Now we just have to hope that teh terrists use unpatched HP laptops as bomb timers. [wikidot.com]
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...