“As bad as Acer was, however, Asus was worse. Its updater was so bad the researchers called it ‘remote code execution as a service’—essentially a built-in service for hackers to do remote-code execution. Asus transmits unsigned manifests over HTTP instead of HTTPS. And although the manifest file was encrypted, it was encrypted with an algorithm known to be broken, and the key to unlock the file was an MD5 hash of the words ‘Asus Live Update.’ As a result, attackers could easily intercept and unlock the list to make changes. Asus update files weren’t signed, either, and they were also transmitted via HTTP.”
https://www.wired.com/2016/05/2036876/
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Tip Freedomwat.ch Staff with Bitcoin
(Visited 31 times, 1 visits today)
Related posts:
Conspiracy Theory Goes Mainstream With Wall Street's Mark Gorton
Vegas Mansion San Francisco, For Sale For 9311 Bitcoins
Sorry Kanye, Coinye Is Here to Stay
Children 'Traumatized and Re-Traumatized by Drones' in Yemen
Anthony Wile: We're Back!
Officials Worldwide Seek New Powers in Wake of Paris Attacks
Capital Controls Rolling Into High Gear Under FATCA
Colorado Makes History with First Legal Retail Marijuana Sales
Cannabis Retail Regulatory Environment: Six Jurisdictions
Scientist calls for caffeine to be a regulated substance
Bitcoin Companies Terminate Service in NY due to BitLicense Compliance Costs
Warrantless data searches narrowly miss Senate approval
Russia And China Sign Historic $400 Billion "Holy Grail" Gas Deal
Jim Rogers on investing in Malaysia, the century of Asia, & frontier markets
A Neutral Look At Police Brutality