“As bad as Acer was, however, Asus was worse. Its updater was so bad the researchers called it ‘remote code execution as a service’—essentially a built-in service for hackers to do remote-code execution. Asus transmits unsigned manifests over HTTP instead of HTTPS. And although the manifest file was encrypted, it was encrypted with an algorithm known to be broken, and the key to unlock the file was an MD5 hash of the words ‘Asus Live Update.’ As a result, attackers could easily intercept and unlock the list to make changes. Asus update files weren’t signed, either, and they were also transmitted via HTTP.”
https://www.wired.com/2016/05/2036876/
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Tip Freedomwat.ch Staff with Bitcoin
Related posts:
"Why Did You Call the Police? They Don't Help"
Austria Offers ‘Contradictory’ Guidance on Bitcoin’s Financial Status
Peter Schiff: Death of a Patriot
Trump and Putin: Big War or Little Deal?
FBI Monitors G-Mail, Yahoo, Hotmail, and Facebook Accounts
JFK: Will We Ever Know the Truth?
Soylent gets a $1.5 million infusion of venture capital
Gun-toting former Republican candidate claims ‘conspiracies’ after caught shoplifting twice
Cop Misses Unarmed Woman, Shoots 6-Year-Old Boy Dead Instead
Secret Military Training Blurs Line Between Police and Soldiers
50,000 Anti-Austerity Marchers in Greece
Effort Launched To Free Missouri Man Serving Life For Marijuana Charge
By US Standards, America Should’ve Been Bombed for Waco Siege
Canadian regulators welcome US Bitcoin refugees with open arms
Companies That Protect Your Data From the Prying Eyes of Government