Profile

Ward Mundy
Works at Nerd Vittles blog and PBX in a Flash
Attended Alabama Law School, Auburn University, Butler High, Queen Anne High, Carlisle High, St. Stephens Episcopal
Lives in Charleston, SC
6,158 followers|1,335,195 views

Stream

Ward Mundy

Shared publicly  - 
 
Nerd Vittles » Top 10 Problems & Fixes for Asterisk and FreePBX Noobs

#asterisk   #freepbx   #voip   #GPL   #OSS  
Ashton-Tate of dBASE® fame used to call them anomalies. Sheer arrogance kept them from ever quite admitting there was an actual bug in their software. We don't claim to be quite so perfect. If you use any software for very long, you're going to encounter bugs. But not all reported problems turn ...

Ward Mundy

Shared publicly  - 
 
Today on Nerd Vittles

#asterisk   #freepbx   #voip   #IncrediblePBX   #GPL   #OSS  
We've spent the last two months introducing a half dozen new flavors of Incredible PBX™ featuring the new GPL-compliant Incredible PBX GUI. We hope you're enjoying the new builds. But it's Back-to-School Time in the United States so today we're shifting gears and providing a refresher course on ...

Ward Mundy

Shared publicly  - 
 
Today's Discovery: The Return of Time Bomb Software

#asterisk   #freepbx   #GPL   #NoGotchas   #OSS  
Before we get started today, let's clear the air on a few things that have been brought to our attention. We're not opposed to any organization making money. That includes Digium® and Sangoma®. And we fully appreciate that both of these companies need to make money to continue to deliver first ...

Ward Mundy

Shared publicly  - 
 
Morning Stroll on Lake Burton

Ward Mundy

Shared publicly  - 
 
 
»Lenovo is shipping a rootkit in their BIOS... «-- https://twitter.com/RichFelker/status/631103814477697025


TL;DR: »Any Windows contains a mechanism called WPBT, where it checks if the BIOS contains a specific ACPI entry. If it does, it pulls a binary from the BIOS and modifies the installer.

Lenovo BIOS provides such a WPBT binary and infects any pristine windows installation with Lenovo binaries. The process replaces the autochk file with a modified version that phones home and downloads stuff unencrypted and unvalidated.«

In other words, the hardware vendor pisses into your installation even when you want to install unmodified original software from Microsoft instead of the Lenovo-preowned crap that is on the device from the factory, because Microsoft backdoors its stuff from the factory.

Background:
https://lkml.org/lkml/2015/5/20/1155

https://www.google.de/?gws_rd=cr&ei=8zrKVbWcJoLTygPm_LnwAg#q=wpbbin.exe+site:microsoft.com


Original text:
http://arstechnica.com/civis/viewtopic.php?p=29497693&sid=ddf3e32512932172454de515091db014#p29497693 »Hi, I discovered this issue back in May when I bought a Lenovo Y40-80 which also has this. It really pissed me off so I did quite a bit of digging into it and successfully removed it, so after running into this thread I figured I'd share what I learned.

Before booting Windows 7 or 8, the bios checks if C:\Windows\system32\autochk.exe is the Lenovo one or the original Microsoft one. If it is not the Lenovo one, it moves it to C:\Windows\system32\0409\zz_sec\autobin.exe, and then writes its own autochk.exe. During boot, the Lenovo autochk.exe writes a LenovoUpdate.exe and a LenovoCheck.exe file to the system32 directory, and sets up a service to run one of them when an internet connection is established. I don't know too much exactly what those do, but one appears to phone home to http://download.lenovo.com/ideapad/wind ... 2_oko.json which is a bit worrying with the combination of a "ForceUpdate" parameter shown and the lack of ssl, making it fairly likely that it's exploitable for remote code execution by anyone who can intercept your traffic (public wifi, etc).

Disclaimer: Unless you really know what you're doing, you really don't want to try this: As for removing it, you need to edit and re-flash your bios. The downloadable bios update from Lenovo doesn't seem to be extractable at least with any methods I know, and using bios dumping tools only gets you 6 of the 8MB of the bios chip, so unfortunately it has to be done the painful way. You'll need a usb flash rom reader/writer (a cheap CH341A one works fine) and SOIC-8 test clips. You can get each of those 2 items for about $10 each. Take the back cover off the laptop, and also disconnect the battery, and locate the bios chip on the motherboard. Connect the test clips to the bios and connect the other end of the test clips to the usb writer, and connect the usb writer to another computer. On the other computer use the usb reader/writer to dump a copy of the bios. The bios dump will be an 8MB file. You need to split it into 2 files: the first 2MB and the last 6MB. Download UEFITool from github (https://github.com/LongSoft/UEFITool) and open the 6MB file. Look through the modules and find the one called "NovoSecEngine2" and mark it for deletion. Save a new copy of the 6MB file. Now make a new 8MB file by taking the 2MB beginning from earlier and appending the new 6MB file on to the end. Use the usb reader/writer to flash that new 8MB file to the laptop's bios, then disconnect the wires and put the laptop back together. Reinstall a fresh copy of windows again, and check your C:\Windows\system32\autochk.exe file to make sure it's signed by Microsoft, not Lenovo. If you have the original Microsoft one there, congratulations, your laptop is now clean.«
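
A defender-side check for the WPBT mechanism described in the post above, as an added example that is not part of the original post: it parses the WPBT ACPI table, which Linux exposes at /sys/firmware/acpi/tables/WPBT when the firmware publishes one. The field layout follows Microsoft's published WPBT format; the sample table and every value in it are constructed for illustration.

```python
import struct
from pathlib import Path

# Linux exposes raw ACPI tables here (reading usually requires root).
WPBT_PATH = Path("/sys/firmware/acpi/tables/WPBT")
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI header
WPBT_BODY = struct.Struct("<IQBBH")            # WPBT-specific fixed fields


def parse_wpbt(table: bytes) -> dict:
    """Parse a raw WPBT table and summarise what firmware hands to Windows."""
    fixed = ACPI_HEADER.size + WPBT_BODY.size
    if len(table) < fixed:
        raise ValueError("too short to be a WPBT table")
    sig, length, _rev, _sum, oem_id, oem_tbl, *_ = ACPI_HEADER.unpack_from(table)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if not fixed <= length <= len(table):
        raise ValueError("declared length does not match the data")
    table = table[:length]
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    args = table[fixed:fixed + arg_len].decode("utf-16-le", "replace")
    return {
        "checksum_ok": sum(table) % 256 == 0,  # all bytes must sum to 0 mod 256
        "oem_id": oem_id.decode("ascii", "replace").strip("\x00 "),
        "oem_table_id": oem_tbl.decode("ascii", "replace").strip("\x00 "),
        "handoff_size": size,       # size in bytes of the binary in memory
        "handoff_address": addr,    # physical address of that binary
        "content_layout": layout,   # 1 = a single PE image at the address
        "content_type": ctype,      # 1 = native user-mode application
        "arguments": args.rstrip("\x00"),
    }


def build_sample_table() -> bytes:
    """Constructed sample table (not taken from any real machine)."""
    args = "/example\0".encode("utf-16-le")
    length = ACPI_HEADER.size + WPBT_BODY.size + len(args)
    raw = bytearray(
        ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"SAMPLETB", 1, b"TEST", 1)
        + WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args)
    raw[9] = (-sum(raw)) % 256  # checksum byte sits at offset 9 of the header
    return bytes(raw)


if __name__ == "__main__":
    if WPBT_PATH.exists():
        print("WPBT present:", parse_wpbt(WPBT_PATH.read_bytes()))
    else:
        print("No WPBT table exposed by this firmware")
```

A present table only means the firmware asks Windows to run a binary at boot; the OEM fields and arguments show who published it and how it is invoked.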

Ward Mundy

Shared publicly  - 
 
Nerd Vittles: New visitors from 150 countries this week. Join the Party

http://nerd.bz/nerdvittles

#asterisk   #freepbx   #voip   #vuc  

Ward Mundy

Shared publicly  - 
 
 
- The Game Is Rigged - 3min video - 
1 comment on original post
Richard Talcott's profile photo
 
George saw how things worked...

Ward Mundy

Shared publicly  - 
 
Samsung Response to Galaxy Note 5 Design Flaw: RTFM

Inserting S-Pen backwards can permanently damage the device.

Ward Mundy

Shared publicly  - 
 
Enjoy the Show: The Morphing of FreePBX

#Asterisk   #FreePBX   #NagWare   #CrippleWare   #SangomaStyle  

Ward Mundy

Shared publicly  - 
 
Home Sweet Home... finally!
Shawn McClure's profile photoWard Mundy's profile photo
2 comments
 
Good guess!

Ward Mundy

Shared publicly  - 
 
Pin the Tail on the Donkey: Ever Heard of this Game Before?

#asterisk   #freepbx   #GPL   #OSS  
Gary Trowbridge's profile photo
 
To what is all this referring to? Any link to an article? 
Work
Occupation
Globe-trotting VoIP Pundit
Employment
  • Nerd Vittles blog and PBX in a Flash
    Housekeeper, present
  • U.S. Courts
    Coin Tosser
  • Army Appellate JAG
    Defending the Downtrodden
  • NASA
    Space Cadet
Places
Currently
Charleston, SC
Previously
Atlanta, GA - Washington, DC - Huntsville, AL - Seattle, WA - Carlisle, PA - San Luis Obispo, CA - San Antonio, TX - Birmingham, AL
Contact Information
Home
Address
http://mundy.org/comment.php
Work
Email
Address
http://pbxinaflash.com/about/comment.php
Story
Tagline
Butcher's and Baker's Friend
Introduction
¿Qué pasa
Education
  • Alabama Law School, Auburn University, Butler High, Queen Anne High, Carlisle High, St. Stephens Episcopal
Basic Information
Gender
Male
Other names
Uncle Ward, Nerd Uno
4 reviews