2023 BIMP-EAGA SPM Dirasmikan           >>           Penandatanganan MoU Penaiktarafan BGEC           >>           Pelancaran Pusat Kecemerlangan Sejarah, Kesultanan Brunei Psb           >>           'I Had To Breastfeed My Husband On Holiday – It Was The Weirdest Thing We've Done'           >>           Librarians Left In Stitches As Overdue Book Finally Returned After 43 Years           >>           Khloe Kardashian Sets The Record Straight On Her Current Relationship Status           >>           Eminem's Daughter Hailie Jade Is Engaged To Evan Mcclintock           >>           See Chris Brown's Shocking Reaction To Losing 2023 Grammy For Best R&B Album           >>           Nissan Warns Costs Must Fall To Make New Electric Cars In UK           >>           Tech Lay-Offs: Dell To Cut Workforce           >>          





[email protected]



[email protected]



[email protected]



+673 222-0178 [Office Hour]

+673 223-6740 [Fax]


Upcoming Events

Prayer Times

The prayer times for Brunei-Muara and Temburong districts. For Tutong add 1 minute and for Belait add 3 minutes.


: 05:07 AM


: 05:17 AM


: 06:36 AM


: 06:59 AM


: 12:35 PM


: 03:56 PM


: 06:32 PM


: 07:44 PM


The Business Directory



Internet & Media

  Home > Internet & Media

Unbox Your Laptop, And Say Hello To Security Risks

Duo Labs looked for vulnerabilities in 10 laptops during its investigation.


 June 1st, 2016  |  09:21 AM  |   1670 views



Laptops from five popular PC makers all contained security vulnerabilities right out of the box, according to an investigation by Duo Labs.


Powering up a new laptop can be exhilarating. It can also be full of security risks.


Software update tools that are preinstalled on Acer, Asus, Dell, HP and Lenovo laptops all contained at least one critical security vulnerability that hackers could easily exploit, said Duo Labs, the research arm of Duo Security, in the results of an investigation published Tuesday. In total, Duo Labs uncovered 12 different OEM software vulnerabilities across all the computer makers.



OEM (original equipment manufacturer) software includes programs like product registration and 30-day free trials that come installed on a laptop right out of the box. They're often referred to as bloatware since they're largely unnecessary and weren't installed at the user's request. Not only is bloatware superfluous, it's often a weak link in the security chain, according to Duo Labs.


"The level of sophistication required to exploit most of the vulnerabilities we found is somewhere between that possessed by a coffee stain on the Duo lunch room floor and your average potted plant -- meaning, trivial," wrote Darren Kemp, a security researcher with Duo Labs, in a blog post Tuesday.


The Duo Labs investigation highlights the risk of unnecessary software. Programs that people have little use for -- or didn't know were there in the first place -- can easily become out-of-date, which opens them up to security vulnerabilities. PC vendors also failed to build basic security measures into these update tools, said the report. When this happens, bloatware goes from annoying to dangerous.


Here's the really bad news: There's little that laptop owners can do to protect themselves from the vulnerabilities created by these OEM update tools, Duo Labs said. What safeguards there are require significant time and effort: The research team recommended wiping any OEM system and reinstalling a bloatware-free copy of Windows and uninstalling any unnecessary software.


Duo Labs reported these vulnerabilities to the PC makers, which were selected because they are popular brands, and some have already been fixed. In many cases, consistent use of encryption in these OEM update tools would have made these vulnerabilities much more difficult to exploit, said Duo




HP has fixed the high-risk vulnerabilities, Duo Labs said, and Lenovo will be releasing an update to remove the vulnerable software from all its laptops. Neither HP nor Lenovo immediately responded to CNET's request for comment.


Acer and Asus acknowledged the vulnerabilities, said Duo Labs, but have not released a fix yet. Those two companies did not immediately respond to CNET's request for comment.


Dell released an update fixing many of the issues before Duo Labs could report them. The company did not immediately respond to CNET's request for comment.



courtesy of CNET

by Carrie Mihalcik


If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]


Related News

Deputy Minister: Moh In Final Phase Of Preparing Health White Paper

 2023-02-07 09:43:27

Second Balloon Over Latin America Is Ours – China

 2023-02-07 11:27:53

Nissan Warns Costs Must Fall To Make New Electric Cars In UK

 2023-02-07 12:10:04