“As bad as Acer was, however, Asus was worse. Its updater was so bad the researchers called it ‘remote code execution as a service’—essentially a built-in service for hackers to do remote-code execution. Asus transmits unsigned manifests over HTTP instead of HTTPS. And although the manifest file was encrypted, it was encrypted with an algorithm known to be broken, and the key to unlock the file was an MD5 hash of the words ‘Asus Live Update.’ As a result, attackers could easily intercept and unlock the list to make changes. Asus update files weren’t signed, either, and they were also transmitted via HTTP.”
https://www.wired.com/2016/05/2036876/
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Tip Freedomwat.ch Staff with Bitcoin
Related posts:
A Rare Sign of Fiscal Sanity in France
Homeland Security Expands Electronics Seizure In "Constitution-Free" Zones
Green Party Presidential Candidate Jill Stein Arrested Before Debate
Copyright Lawyers vs Patent Lawyers Smackdown: And The Winner Is...
NYPD plainclothes cops force man into unmarked black van
Close the Loophole Legalizing Union Violence
"The Kill Team"
Treasury Exempts Foreign Exchange Swaps from Definition of “Swap”
New York: Judge Rules Against Use Of X-Rays During Traffic Stops
Government Bomb Plots
Court OKs warrantless use of hidden surveillance cameras
Turning New York City into Detroit?
Australian Safety Official Seeks Refund Of 987 Speed Camera Tickets
The TSA is looking for Bitcoin
Yes, Soros Sold Off Gold (But Then Bought Gold Miners)