“As bad as Acer was, however, Asus was worse. Its updater was so bad the researchers called it ‘remote code execution as a service’—essentially a built-in service for hackers to do remote-code execution. Asus transmits unsigned manifests over HTTP instead of HTTPS. And although the manifest file was encrypted, it was encrypted with an algorithm known to be broken, and the key to unlock the file was an MD5 hash of the words ‘Asus Live Update.’ As a result, attackers could easily intercept and unlock the list to make changes. Asus update files weren’t signed, either, and they were also transmitted via HTTP.”
https://www.wired.com/2016/05/2036876/
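The quoted passage names three missing controls: signed manifests, HTTPS transport, and integrity-checked update files. The Go code below is an added example, not code from the article or from any vendor, showing the client-side checks an updater can make before trusting an update. The manifest format, its field names, and the example.com URL are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"net/url"
)

type Manifest struct { // hypothetical manifest format, not any vendor's real one
	Version   string `json:"version"`
	URL       string `json:"url"`
	SHA256Hex string `json:"sha256"`
}

// VerifyManifest checks a detached signature over the raw bytes with a key pinned in the updater, then requires https.
func VerifyManifest(pinned ed25519.PublicKey, raw, sig []byte) (*Manifest, error) {
	if !ed25519.Verify(pinned, raw, sig) {
		return nil, fmt.Errorf("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, err
	}
	u, err := url.Parse(m.URL)
	if err != nil || u.Scheme != "https" {
		return nil, fmt.Errorf("update URL must use https")
	}
	return &m, nil
}

// VerifyPayload binds the downloaded file to the signed manifest by its SHA-256 hash.
func VerifyPayload(m *Manifest, payload []byte) error {
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256Hex {
		return fmt.Errorf("payload hash does not match signed manifest")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	payload := []byte("constructed update payload")
	sum := sha256.Sum256(payload)
	raw, _ := json.Marshal(Manifest{Version: "1.0.1", URL: "https://updates.example.com/u.bin", SHA256Hex: hex.EncodeToString(sum[:])})
	m, err := VerifyManifest(pub, raw, ed25519.Sign(priv, raw))
	fmt.Println(m != nil, err, VerifyPayload(m, payload))
}
```

Because the payload hash sits inside the signed manifest, one signature check covers both the manifest and the file it points to; the private key stays with the vendor and only the public key ships in the updater.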