Uncategorized

European coreboot conference 2017: Call for Papers

Note the request for SECURITY talks!

We are particularly interested in advances in the application of technology in a particular discipline primarily around coreboot, hardware, firmware, and security. As a result, the conference will be structured around the following topics:
– Free and Open Source hardware and firmware.
– Attacks against current hardware and firmware, like side and covert channel attacks.
– Firmware and hardware reverse engineering.
– coreboot payloads, extensions, and features.
– Advances of coreboot and UEFI on the market.
– Applications of free and open source hardware/firmware in practice.
– State-of-the-art security in embedded devices.

Conference talks, lightning talks, and workshops will be video taped and published afterwards. If a recording is not desired by a speaker or workshop instructor, no recordings will be made (notification in advance of the talk / workshop requested)[…]

https://ecc2017.coreboot.org/

Standard
Uncategorized

European agreement for Absolute and Lenovo

The Canadian ISV/IHV Absolute Software Corporation is working with the European branch of the Chinese OEM Lenovo, to apply CompuTrace — now called Absolute(R) — silicon/firmware-level tracking technology within Europe. Excerpt of press release:

Absolute Collaborates with Lenovo EMEA to Introduce European Factory Activation

Absolute Software Corporation, the industry standard for persistent endpoint security and data risk management solutions, today announced the Company has entered into an agreement with Lenovo EMEA to introduce European factory activation of Absolute Data & Device Security (DDS) (formerly Absolute Computrace). Under this agreement, Lenovo EMEA will incorporate the automated deployment of Absolute DDS, (which will trigger the activation of Persistence technology by Absolute) through Lenovo’s Imaging Technology Center for its European customers. As part of this factory image, customers can opt to load and activate Absolute DDS onto all of their Lenovo devices before shipment.

“Many of our enterprise customers want their Lenovo devices to be protected while in transit. By installing Absolute DDS and activating Persistence technology, our customers will be able to secure these endpoints before they leave the factory,” said Stefan Larsen, EMEA business development manager, Lenovo. “This agreement also allows our customers to reduce the resources spent on configuring and imaging devices, without compromising best-in-class security.”

“Lenovo’s Imaging Technology Center delivers a customized, out-of-the-box experience for its enterprise customers,” said Geoff Haydon, chief executive officer, Absolute. “We are excited to expand our participation in this program to Lenovo customers in Europe. This agreement represents a tremendous opportunity for us to strengthen our position in the region.”

More information:

https://www.absolute.com/en/about/pressroom/press-releases/2015/absolute-collaborates-with-lenovo-emea-to-introduce-european-factory-activation

So,  some of Lenovo’s enterprise customers are concerned about new computers being stolen or otherwise manipulated before they leave the factory? Who can attack OEM systems at this point in the system? Is this just an issue for Lenovo, or do other OEM’s enterprise customers also have this kind of concern? How does this new Absolute/Lenovo change impact attacker’s ability to attack system before the hardware comes to Europe and Persistence technology gets activated?

I wish OEMs would give me the OPTION to have this feature, not presume all of their systems are sold to enterprises. I wish someone would maintain a list of modern CompuTrace-free systems, for non-enterprise citizens who don’t want it installed, as it is useless, since CompuTrace is only available to enterprises. It seems that their compatibility lists include nearly all modern OEM systems. Hmm, does Purism or Novena have it? Did the old Thinkpads — that are being refurbished with Libreboot and resold by 2 companies– have it?

Standard