“As bad as Acer was, however, Asus was worse. Its updater was so bad the researchers called it ‘remote code execution as a service’—essentially a built-in service for hackers to do remote-code execution. Asus transmits unsigned manifests over HTTP instead of HTTPS. And although the manifest file was encrypted, it was encrypted with an algorithm known to be broken, and the key to unlock the file was an MD5 hash of the words ‘Asus Live Update.’ As a result, attackers could easily intercept and unlock the list to make changes. Asus update files weren’t signed, either, and they were also transmitted via HTTP.”
https://www.wired.com/2016/05/2036876/
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Tip Freedomwat.ch Staff with Bitcoin
Related posts:
In San Francisco, It’s Illegal to Store Your Own Stuff in Your Own Garage
Third largest cryptocurrency PPCoin moves into spotlight
Indian jewellers join government's gold bar and coin ban
Police Groups Furiously Protest Eric Holder's Marijuana Policy Announcement
US Files Criminal Charges Against SAC For the Non-Crime Of Insider Trading
Felony Friday: Man Charged For Killing Deer That Ate His Weed Plants
Georgia’s civil asset forfeiture 'reform' to go into effect
U.S. Government Wins Appeal in Kim Dotcom Extradition Battle
Cop Tases Drug Suspect in the Back For Not Crossing His Ankles Quickly Enough
Bitcoin Developer Sells $8 Million Worth Of Hardware In 24 Hours
Sweden’s War on Cash: News from the Frontlines
U.S. Spent $5.6 Trillion On Wars In The Middle East And Asia: Study
Facing the Onset of A Global Taxation Regime, Take Human Action
How Prosecutors Score a Windfall Turning Small Tickets Into Big Fees
Justin Raimondo: The EU – A CIA Covert Operation