Some of Our Sources
- BoingBoing
- TutsPlus - Design
- You The Designer
- Creative Curio
- Inspiredology
- Fudge Graphics
- Line 25
- 24 Ways
- Web Resource Source
- Willems Lab
Help Webnuz
Referal links:
June 5, 2016 08:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4_-xMSZ6xpk/asus-delivers-its-updates-over-http-with-no-verification
ASUS Delivers Its Updates Over HTTP With No Verification
The top five PC sellers have big security holes in the third-party tools which updates their software. Now Softpedia follows up with a report that "The ASUS LiveUpdate software that comes pre-installed on all ASUS computers downloads critical BIOS and UEFI updates via plaintext HTTP and installs them without verifying the content's source or validity." An anonymous reader shares this report from developer Morgan Gangwere: "Content is delivered via ZIP archives over plain HTTP, extracted into a temporary directory and an executable run as a user in the "Administrators" NT group ("Highest Permissions" task scheduler). Softpedia adds that "The attackers wouldn't even need to mess around modifying low-level firmware code because the update process would launch anything you throw at it. This includes spyware, backdoors, remote access trojans, and anything an attacker would wish."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4_-xMSZ6xpk/asus-delivers-its-updates-over-http-with-no-verification
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot