“As bad as Acer was, however, Asus was worse. Its updater was so bad the researchers called it ‘remote code execution as a service’—essentially a built-in service for hackers to do remote-code execution. Asus transmits unsigned manifests over HTTP instead of HTTPS. And although the manifest file was encrypted, it was encrypted with an algorithm known to be broken, and the key to unlock the file was an MD5 hash of the words ‘Asus Live Update.’ As a result, attackers could easily intercept and unlock the list to make changes. Asus update files weren’t signed, either, and they were also transmitted via HTTP.”
https://www.wired.com/2016/05/2036876/
Related posts:
No Statute Of Limitations For Failing To File U.S. Tax Returns
Why Are European Governments So Terrified of 'Fake News'?
Solutions: Overcoming Stockholm Syndrome
Drug Wars, Missing Money, and a Phantom $500 Million
US State Bank Supervisors to Discuss Bitcoin at Public Hearing
Florida: Changing Car Color Does Not Justify Traffic Stop
The Taper Trap
Texas Game Wardens Prepare for War
Pennsylvania may force workers to pay taxes to their employers
The End of the Battery – Getting All Charged Up over Supercapacitors
Seattle Mayor Orders Police to Dismantle Its Drone Program After Protests
Voters in Three States Take on Traffic Cameras
How Soon We Forget: Bush’s Ratings Rise
New law will ban protesters from riding mass transit in California
Ohio Dept. Of Insurance: Obamacare To Increase Premiums By 88 Percent