Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/31/2013
09:45 AM
Dark Reading
Dark Reading
Quick Hits
50%
50%

Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition

U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huaweii and ZTE surfaced

Since at least 2006, personal computers manufactured by Lenovo have been banned from being used to access classified government networks in the United States, as well as in Australia, Britain, Canada and New Zealand.

That revelation was first reported by Australia's Financial Review (AFR), which said the blanket ban on using Lenovo's equipment to access "secret" or "top secret" government networks stemmed from fears that the Chinese government may have altered the equipment's firmware or added back doors to the hardware to allow it to be monitored by its own espionage agencies.

Those fears started after Beijing-based Lenovo acquired IBM's personal computing division for $1.25 billion in 2005.

Read the full article here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
cjturner
50%
50%
cjturner,
User Rank: Apprentice
8/1/2013 | 10:46:16 PM
re: Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
Smoke, not much fire here. This is a little like saying "Chinese cigarettes are banned in New York restaurants," as all smoking is banned there; and classified networks generally prohibit attaching _any_ portable device, not for reasons of supply-chain, but primarily to reduce the risks associated with user error.
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35419
PUBLISHED: 2021-04-14
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
CVE-2021-28060
PUBLISHED: 2021-04-14
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
CVE-2021-28825
PUBLISHED: 2021-04-14
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with l...
CVE-2021-28826
PUBLISHED: 2021-04-14
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker wi...
CVE-2021-28855
PUBLISHED: 2021-04-14
In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).