lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon Nov 28 22:25:45 2005
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: This crap needs to stop

Paul Schmehl wrote:

> <http://www.f-secure.com/weblog/#00000723>
> 
> Here's an interesting one. Peripherals manufacturer I-O Data has shipped a 
> series of nice-looking portable hard drives in the 40GB to 120GB range - 
> carrying the Backdoor.Win32.Tompai trojan on them.
> 
> They should be roasted just as Sony was for their backdoor DRM "technology".
> 
> Twits.

Yep -- yet another of a loooong, sad line of clueless techies dabbling 
in something they don't understand, resulting in a terrible mess (but 
hey -- MS has been doing it for years and years, so why not everyone 
elese?).

Anyway, on a more serious note, from I-O Data's (USA) home page:

   http://www.iodata.com/

   Welcome to I-O DATA DEVICE, INC.

   I-O DATA DEVICE, INC. is a top manufacturer and provider of high-
   quality computer peripherals and interface products, representing
   the finest technology Japan offers.

   Publicly listed in Japan, we're found globally with 11 sales
   offices, over 5000 retail stores, and 5 international group
   companies. We're also ISO9001/14001 Certified. We invite you to
   experience our ability to think beyond convention.

I guess putting Trojans among the software shipped on your external 
HDDs is "thinking beyond convention", so I'm glad the company has 
ISO9001-validated processes in place to ensure the quality of delivery 
of this non-conventional product feature...

Elsewhere the site touts the "Japanese Quality Control" of its 
products, so maybe it really _was_ intentional...    8-)

Reminds me of an old joke...

   What are the three scariest things in IT support?

   A user with a clever new idea.

   A developer with a screwdriver.

   And a hardware tech with some neat new software.

This case probably falls into the last of those, disastrously combined 
with a company with no systems or software smarts...


Regards,

Nick FitzGerald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ