Lenovo inherited a switch authentication bypass – from Nortel

Lenovo has patched an ancient vulnerability in switches that it acquired along with IBM's hardware businesses and which Big Blue itself acquired when it slurped parts of Nortel. The bug, which Lenovo refers to as “HP backdoor”, for reasons it has not explained, has been present in ENOS (Enterprise network operating system) …

  1. Anonymous Coward

    More evidence that the US government only wanted US switches in 'merica because they were the only ones the NSA could hack into.

    All the BS that Chinese made switches were banned because they were capable of being hacked by the Chinese government was just a smokescreen to keep America populated with hackable US made switches.

    1. Nial

      "More evidence that the US government only wanted US switches in 'merica because they were the only ones the NSA could hack into"

      Nortel was a Canadian company. :-)

      1. Yes Me Silver badge

        "Nortel was a Canadian company"

        I think you'll find that Canada is part of Five Eyes, and a lot of Canadian traffic runs through fibres that are south of their border with the US. So while the post was carelessly phrased, it's basically accurate. Nortel was under the same pressures as any US manufacturer.

    2. Anonymous Coward

      "All the BS that Chinese made switches were banned because they were capable of being hacked by the Chinese government was just a smokescreen to keep America populated with hackable US made switches."

      You should prove this by disclosing on your company's home page that your company exclusively uses Chinese-manufactured networking equipment. Surely your customers will agree with your wisdom and the business will just flood in.

  2. JeffyPoooh
    Pint

    "Code Reuse is A Very Good Thing."

    See article for counterexample.

    1. Pascal Monett Silver badge

      Re: "Code Reuse is A Very Good Thing."

      Indeed. Shit code from 2004 is still alive and kicking.

      Goes to show that companies are never actually auditing their code; they just wrap more layers around whatever works good enough to be sold. There is no oversight, no overall plan. It is not possible to have a framework in place and check every code addition against said framework to ensure proper and safe functionality.

      And let's not mention code that depends on disappearing GitHub libraries, right?

      This whole code thing is already out of control. And now we have DevOps.

  3. John Smith 19 Gold badge
    Headmaster

    "readers with long memories..recall that HP was a reseller of the switches, back in the day"

    Which probably explains why it's called "The HP backdoor."

    Obvious caveats.

    Who's still running 2004 code releases in their switches in 2018?

    Are the standard defaults set to allow this to be accessible?

    If not, how often are switches configured IRL that make these vulns accessible?

    Was this found as part of an ongoing actual code audit or did someone just stumble across it?

    I'm highly suspicious Lenovo is organized enough to be doing a methodical code audit.

    1. Amos1

      Re: "readers with long memories..recall that HP was a reseller of the switches, back in the day"

      The Chinese probably did a real audit to make sure no American backdoors were present or that the ones they installed at Nortel were already gone. Imagine their surprise... :-)

      https://www.theregister.co.uk/2012/02/15/nortel_breach/ - "Whistleblower: Decade-long Nortel hack 'traced to China'."

    2. Captain Scarlet

      Re: "readers with long memories..recall that HP was a reseller of the switches, back in the day"

      We have a decommissioned IBM Blade Centre with Nortel Switch modules slapped in the back (To make it look like the comms room is more populated than it is so we can't be forced to move to a smaller room again).

      It doesn't count as it hasn't been powered on in years.

      1. Lord_Beavis
        Pirate

        Re: "readers with long memories..recall that HP was a reseller of the switches, back in the day"

        "We have a decommissioned IBM Blade Centre with Nortel Switch modules slapped in the back (To make it look like the comms room is more populated than it is so we can't be forced to move to a smaller room again)."

        The BOFH is strong with this one.
