“As bad as Acer was, however, Asus was worse. Its updater was so bad the researchers called it ‘remote code execution as a service’—essentially a built-in service for hackers to do remote-code execution. Asus transmits unsigned manifests over HTTP instead of HTTPS. And although the manifest file was encrypted, it was encrypted with an algorithm known to be broken, and the key to unlock the file was an MD5 hash of the words ‘Asus Live Update.’ As a result, attackers could easily intercept and unlock the list to make changes. Asus update files weren’t signed, either, and they were also transmitted via HTTP.”
https://www.wired.com/2016/05/2036876/
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Tip Freedomwat.ch Staff with Bitcoin
Related posts:
How the Federal Reserve Just Hid Important Data
5 GMO Myths Busted
One Man’s Quest to Prove Saudi Arabia Bankrolled 9/11
Patients’ advocates ask Supreme Court to decide medical value of marijuana
The meteoric rise of passive investing: the “greatest bubble ever”?
One Man Blocking Arizona Anti-NDAA Bill
Cop Threatens, Acts Immature After being Caught Breaking Oath
ACLU Announces Settlement in “Highway Robbery” Cases in Texas
RIP Mikhail Timofeyevich Kalashnikov
LBMA: Volume Of Gold Transferred Climbs To 12-Year High In May On ETF Redemptions
Fitness Tracker Apps Leak Sprawling U.S. Military Footprint in Africa
Cyprus: 16 months of capital controls, banks still pitifully capitalized
Peter Schiff on Bullion Banks, and the Hidden Trove of QE Money
Jim Rogers on Lucrative Investments Nobody Else Is Talking About
Georgia congressman complains: ‘I’m stuck here making $172,000 a year’