+Curioddity Posted March 9, 2010 Share Posted March 9, 2010 If any of you are using the Energizer Duo USB battery charger, you had better read this: http://www.kb.cert.org/vuls/id/154421 Pete Quote Link to comment
+sim_v Posted March 10, 2010 Share Posted March 10, 2010 (edited) If you have the Energizer Duo USB battery charger and if you installed the widget program on Widows and if you don't have a firewall on your computer. Please have a look to ... Edited March 10, 2010 by sim_v Quote Link to comment
+dakboy Posted March 10, 2010 Share Posted March 10, 2010 If you have the Energizer Duo USB battery charger and if you installed the widget program on Widows and if you don't have a firewall on your computer. Please have a look to ... Regardless, there is no reason at all for such a device to even attempt to introduce such a program into a host computer. Rather than blame the victim (people who installed the widget, expecting useful functionality), let's ask Energizer why they're opening vulnerabilities on their customers' PCs without their knowledge. Quote Link to comment
+coggins Posted March 10, 2010 Share Posted March 10, 2010 If any of you are using the Energizer Duo USB battery charger, you had better read this: http://www.kb.cert.org/vuls/id/154421 Pete Looks like Mac users are fine. Quote Link to comment
+ecanderson Posted March 10, 2010 Share Posted March 10, 2010 Article here: http://www.marketwatch.com/story/energizer...blem-2010-03-05 Love the quote: "Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software." This ought to be interesting. Quote Link to comment
+DavidMac Posted March 11, 2010 Share Posted March 11, 2010 That's... shocking. Quote Link to comment
+HedgeMage Posted March 11, 2010 Share Posted March 11, 2010 And yet...I run a real OS, and am therefor in no danger whatsoever. Can someone please explain to me why the most expensive consumer operating system is the least secure -- or at least why people keep buying it? Quote Link to comment
+ecanderson Posted March 11, 2010 Share Posted March 11, 2010 And yet...I run a real OS, and am therefor in no danger whatsoever. Can someone please explain to me why the most expensive consumer operating system is the least secure -- or at least why people keep buying it? Apart from the fact that the biggest target gets the most attention, be aware that if someone wanted to play this particular game on YOUR OS, it would be easy enough to do. This wasn't a particularly sophisticated hack. It was a back door in a piece of software you might have installed yourself. Your OS just doesn't have enough market share to garner the attention of those out to have a bit of fun at your expense. Quote Link to comment
guggie Posted March 11, 2010 Share Posted March 11, 2010 I just went to that energizer usb website mentioned above and it put a cookie/file on my computer! Quote Link to comment
+dakboy Posted March 11, 2010 Share Posted March 11, 2010 I just went to that energizer usb website mentioned above and it put a cookie/file on my computer! So does every other website. The backdoor installed by this charger is not benign. Quote Link to comment
+sim_v Posted March 11, 2010 Share Posted March 11, 2010 Rather than blame the victim (people who installed the widget, expecting useful functionality), let's ask Energizer why they're opening vulnerabilities on their customers' PCs without their knowledge. I would only point that the backdoor run only on windows computer and is passive (wait order from internet). A firewall wil block incoming connection on a big part of computer. Drivers with the backdoor are available for download since 2007. Quote Link to comment
+dakboy Posted March 11, 2010 Share Posted March 11, 2010 Rather than blame the victim (people who installed the widget, expecting useful functionality), let's ask Energizer why they're opening vulnerabilities on their customers' PCs without their knowledge. I would only point that the backdoor run only on windows computer and is passive (wait order from internet). A firewall wil block incoming connection on a big part of computer. You're only pointing out the obvious - if you follow good security practices, your vulnerability is minimal. But there are millions of computers that are members of botnets passively waiting to be given commands to unleash attacks and spam, so it's clear that many people don't do this. Computers infected with this DLL can become agents of those botnets and create their own. As you point out, this has been in the wild for 3 years - there may be botnets which were created or expanded via this thing already, we may never know. It only listens passively until it's sent instructions to execute programs. Then it can cause any kind of havoc the controller wants. Read that CERT assessment: An attacker is able to remotely control a system, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user.Most home users run with elevated or semi-elevated privileges. Once it receives instructions, it can literally do anything. Stop shifting blame onto the victims. This never should have been put on the computer in the first place. Energizer distributed this, knowingly or otherwise; they are responsible. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.