“As bad as Acer was, however, Asus was worse. Its updater was so bad the researchers called it ‘remote code execution as a service’—essentially a built-in service for hackers to do remote-code execution. Asus transmits unsigned manifests over HTTP instead of HTTPS. And although the manifest file was encrypted, it was encrypted with an algorithm known to be broken, and the key to unlock the file was an MD5 hash of the words ‘Asus Live Update.’ As a result, attackers could easily intercept and unlock the list to make changes. Asus update files weren’t signed, either, and they were also transmitted via HTTP.”
https://www.wired.com/2016/05/2036876/
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Tip Freedomwat.ch Staff with Bitcoin
Related posts:
Colorado Governor Signs Marijuana Legalization Bills
The War On Cash Ratchets Up In Greece With “Soft” Cash Ban
Who is the real big bucks bully in the gun control debate?
Military Police Officers Sit, Join Protesters In Brazil
Teen arrested for iPhone 'terrorism' at school faces 20 years in prison
Audacious Hack Exposes Bush Family Pix, E-Mail, Clinton Friendship
Obama Administration Uses Pirated Code on Healthcare.gov
GreenBank Capital makes first Bitcoin angel investment
John McAfee is Back! - CNBC Oct 2013
Swiss Gold Initiative's Paypal Donation Account Frozen
Is Silicon Valley Building the Infrastructure for a Police State?
Zimbabwe adopts Chinese yuan as legal tender
Chechen Terrorists and the Neocons
Guilt by Musical Association
Monsanto wins patent lawsuit against farmer who bought grain from elevator