
“As bad as Acer was, however, Asus was worse. Its updater was so bad the researchers called it ‘remote code execution as a service’—essentially a built-in service for hackers to do remote-code execution. Asus transmits unsigned manifests over HTTP instead of HTTPS. And although the manifest file was encrypted, it was encrypted with an algorithm known to be broken, and the key to unlock the file was an MD5 hash of the words ‘Asus Live Update.’ As a result, attackers could easily intercept and unlock the list to make changes. Asus update files weren’t signed, either, and they were also transmitted via HTTP.”
https://www.wired.com/2016/05/2036876/
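An added example, not code from Wired, the researchers or Asus: the client-side checks whose absence the excerpt describes (TLS for both fetches, a signed manifest, a payload hash bound to that manifest). The key pair, URLs and function names are constructed for illustration, and pure-Python RSA PKCS#1 v1.5 stands in for a real crypto library so the block runs offline.

```python
import hashlib
import json
from urllib.parse import urlsplit

# Constructed demo key pair (not any vendor's key). The modulus is the product of
# two Mersenne primes so the block needs no crypto library; never use such a key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private half: belongs on the signing host only
K = (N.bit_length() + 7) // 8
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(msg: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), as an integer."""
    t = SHA256_INFO + hashlib.sha256(msg).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def demo_sign(msg: bytes) -> int:
    """Stand-in for the vendor's offline signing step."""
    return pow(_encode(msg), D, N)

def signature_ok(msg: bytes, sig: int) -> bool:
    """Verify with the public key (N, E) pinned in the updater."""
    return 0 < sig < N and pow(sig, E, N) == _encode(msg)

def check_update(manifest_url, manifest, sig, payload_url, payload):
    """Return 'accept' or a rejection reason for one downloaded update."""
    if urlsplit(manifest_url).scheme != "https":
        return "reject: manifest fetched without TLS"
    if not signature_ok(manifest, sig):
        return "reject: manifest signature invalid"
    if urlsplit(payload_url).scheme != "https":
        return "reject: payload fetched without TLS"
    entry = json.loads(manifest)  # parsed only after the signature verified
    if payload_url != entry["url"]:
        return "reject: payload URL not listed in manifest"
    if hashlib.sha256(payload).hexdigest() != entry["sha256"]:
        return "reject: payload hash mismatch"
    return "accept"

# Constructed sample update.
PAYLOAD = b"constructed firmware image v2"
URL = "https://updates.example.com/fw-2.bin"
MANIFEST = json.dumps({"url": URL, "sha256": hashlib.sha256(PAYLOAD).hexdigest()}).encode()
SIG = demo_sign(MANIFEST)

if __name__ == "__main__":
    print(check_update("https://updates.example.com/manifest.json", MANIFEST, SIG, URL, PAYLOAD))
```

Unlike a decryption key derived from a fixed string, the pinned public key can only verify: reading it out of the updater does not let anyone produce a manifest that passes `signature_ok`.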