This is intriguing. I don't use it but have considered it.
------- Included Stuff Follows -------
Insecure BIOS `Rootkit´ Found Pre-loaded In Major Manufacturers Laptops
| CyberInsecure.com
A popular laptop theft-recovery service that ships on notebooks made by
HP, Dell, Lenovo, Toshiba, Gateway, Asus and Panasonic is actually a
dangerous BIOS rootkit that can be hijacked and controlled by malicious
hackers.
The service - called Computrace LoJack for Laptops - contains design
vulnerabilities and a lack of strong authentication that can lead to "a
complete and persistent compromise of an affected system," according to
Black Hat conference presentation by researchers Alfredo Ortega and Anibal
Sacco from Core Security Technologies."
... The biggest problem, Ortega explained, is that a malicious hacker can
manipulate and control the call-home process. That´s because the
technology uses a configuration method that contains the IP address, port
and URL, all hard-coded in the Option-ROM. At first run, Sacco explained
that the configuration method is copied in many places, including the
registry and hard-disk inter-partition space.
The duo found that it´s trivial to search and modify the configuration,
giving them the ability to point the the IP and URL to a malicious site,
where un-authenticated payloads can be directed to laptop.
Because the rootkit is white-listed by anti-virus software, the malicious
modifications will go unnoticed. ...
--------- Included Stuff Ends ---------
More here with links:
http://cyberinsecure.com/insecure-bios-rootkit-found-pre-loaded-in-major-manufacturers-laptops/
or here if the above wraps unusably: http://preview.tinyurl.com/lwjsgy
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
