“As bad as Acer was, however, Asus was worse. Its updater was so bad the researchers called it ‘remote code execution as a service’—essentially a built-in service for hackers to do remote-code execution. Asus transmits unsigned manifests over HTTP instead of HTTPS. And although the manifest file was encrypted, it was encrypted with an algorithm known to be broken, and the key to unlock the file was an MD5 hash of the words ‘Asus Live Update.’ As a result, attackers could easily intercept and unlock the list to make changes. Asus update files weren’t signed, either, and they were also transmitted via HTTP.”
https://www.wired.com/2016/05/2036876/
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Tip Freedomwat.ch Staff with Bitcoin
Related posts:
Big Banks Start Campaign to Destroy Credit Unions
Tear gas, water cannons as Egyptians throw stones at presidential palace
In Rush to Strike Syria, US Tried to Derail UN Probe
Private Fee-For-Service Medical Practice Now Accepts Bitcoin
Undercover agent sneaks past TSA at Newark Airport with ‘bomb’ in pants
U.S. Government Set To Spend Millions On Pro-GMO Propaganda
A History of Cronyism and Capture in the Information Technology Sector
Central Banks in New Zealand and Australia Issue Bitcoin Warning
So You Want To Short The Student Loan Bubble? Now You Can
Prosecutor wife suspected of evidence tampering for accused rapist husband
‘Show Us the Tapes!’: Activists March to Demand Release of Paddock Video
Cops Raid Licensed Chef’s Home, Steal His Equipment, For Feeding The Homeless
Kidnapped Marine vet Brandon Raub speaks out from psych ward
How the US Air Force Wasted $1 Billion on a Failed Software Plan
White House Considering Top Female Treasury Official for Federal Reserve Post