Attention!!™
Kafuka Mosts 2018
Voting is open! Get your votes in now!
Join the Kafuka Discord! (Click here)
Views: 5,802,184
Main | FAQ | IRC chat | Memberlist | Active users | Latest posts | Calendar | Stats | Ranks | Online users | Search
12-16-18 03:53 AM
Guest: Register | Login

0 users currently in msg db 'Computer Address',0xa | 1 guest

Main - msg db 'Computer Address',0xa - ASUS LiveUpdate MitM exploit
Next newer thread | Next older thread


StapleButter
Posted on 06-05-16 03:51 PM Link | ID: 90426
Developer
there was a girl
Level: 73


Posts: 1014/1649
EXP: 3372457
Next: 113411

Since: 01-05-12
From: France

Last post: 1 day
Last view: 1 day
source


ASUS LiveUpdate is one of ASUS' preinstalled bloatware programs, that updates shit like BIOS, drivers etc...

The updates are retrieved over plain HTTP and not authenticated. There is a way, via MitM and some other trickery, to make it run a malicious executable with admin/system privileges.



Long story short, first thing to do when getting a new computer is axing all the preinstalled bloatware.

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Danika
Posted on 06-05-16 07:24 PM Link | ID: 90428

Eva Pilot
Affected by 'Eva Syndrome' ++
Level: 201


Posts: 2749/17822
EXP: 115173326
Next: 1973302

Since: 07-16-12
From: Albany, NY
OS: Mac OS X/Windows 10

Last post: 2 hours
Last view: 2 hours
Just as bad as the Lenovo "Superfish" malware, too :P Typically whenever I buy a name brand machine I do a full format and erase the hard drive and do a clean install using the OEM supplied key ;)


"1-800-273-8255... it can save a life!"
YouTubeTwitterTumblr

Next newer thread | Next older thread
Main - msg db 'Computer Address',0xa - ASUS LiveUpdate MitM exploit


Acmlmboard v2.5.4 (10/13/2018)
© 2005-2018 Acmlm, Emuz, et al.

Page rendered in 0.030 seconds. (625KB of memory used)
MySQL - queries: 55, rows: 455/488, time: 0.017 seconds.