lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCvwp6gccsQG5BaZarrpnDD3uv0oUW4ptOnjBvOwScWoSOuRA@mail.gmail.com>
Date: Thu, 6 Oct 2011 11:06:21 +1100
From: xD 0x41 <secn3t@...il.com>
To: halfdog <me@...fdog.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Strange Lenovo x121e

Hrm this one is tricky, but smells so bad of preuse, specially when you said
this;

* Inside seal on plastic bag also intact, but glue is suboptimal, I
opened the bag without damaging the seal

Thats a clear sign of tamperage...thats when they tell you "do not buy" ...
so i wonder :s
I know it could be any -THINK pad/box, but i also know that Lenovo did buy
IBM boxes, wich still bore the seal of IBM and IBM hardware,then i believe
when Lenovo started pumping these out (in have about 6 of the P4 dual-cpu
ex-demos here), i saw on a complete wipe i did, nothing, no files left, and
these are actually lenovos, disguised as Ibm, or, so it should be according
to the dates.. IBM name must be able to be used also on lenovo products, i
just wiped 4 IBM wich were only one yr old, and they seem clean :s, so, i
went thru fdisk etc, nothing weird...
Is it perhaps something being leftover, from some badly warezd ISO Windows
install...wich can lay dormant, even after a format but, not after fdisk
usually... strange, i cannot figure this one.
It smells of pre-use, or ex-demo, but, i have got, 3 ibm netvista 2cpu
boxes,1 3.3gig awesome IBM thinkcentre,fastest box i have as in loading/swap
access,and IBM Blade,IBM laptop, and not one has those files...i even paid
for ex-demo on the laptop, and it was installed...
i can only see *no* good reason for .exe to be on the drive, after a sale.
It should have always been wiped/fdisk/shredded, as I know i have had done
withthe ex demos i have here, and, they are part lenovo and part IBM and
still, not one of those files exits on any box, and the laptop wich, i
thought would forsure have something, if any of them did... but nope.
I dont know this one, but, i will try and ask a friend who works with IBM
and see theyre practices, and try get his own quotes.
Anyhow, cheers.
xd


On 6 October 2011 10:49, halfdog <me@...fdog.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> xD 0x41 wrote:
> > Looks like a pre used box... specially with that name, am assuming
> > THINK (thinkcentre/thinkpad - ibm) so in there it might be preused
> > IBM/Lenovo, but strange those files..should never be on the hd on a
> > clean sale.
>
> Pre-use is strange:
> * Cardbox says: manufactured 2011-08-04
> * Cardbox seems authentic (YUEN FOONG YU PAPER SHANGHAI PLANT CO., LTD.)
> * Thinkpad sticky plastic tape could not be removed without cardbox
> surface damage, was not damaged before opening
> * Inside seal on plastic bag also intact, but glue is suboptimal, I
> opened the bag without damaging the seal
> * Bought in Austria 2011-09-23, seems that those machines were already
> on stock for some days.
>
> So 50 days with shipping (15000km oversea?) seems quite narrow for
> pre-use, but one can never known ...
>
> Also nice: Power on hours: 15 (now its 1:20, I started 18:30, so I
> should have caused about 7h power-on time). How long would factory
> equipment take to put 320GB image on SATA?
>
> hd
>
> - --
> http://www.halfdog.net/
> PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFOjOz0xFmThv7tq+4RAqyaAKCFXDwhdMI/d30rfC+S6LF+gM8rewCfQ78+
> izSYcM/+I1yGiMsZOzwpli8=
> =HeZg
> -----END PGP SIGNATURE-----
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ