gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
74991 Posts in 13106 Topics by 2620 Members - Latest Member: dak4482 December 08, 2016, 08:04:57 PM
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Dell denies 'insecure autoupdate app'
gfx
gfxgfx
 

Author Topic: Dell denies 'insecure autoupdate app'  (Read 304 times)

0 Members and 1 Guest are viewing this topic.

Dell denies 'insecure autoupdate app'
« on: March 25, 2015, 03:19:08 AM »
http://www.theregister.co.uk/2015/03/24/dell_update_app_security_flap/

Quote
Dell has denied building backdoors into its kit following a security researcher's discovery of an insecure update assistant app.

Tom Forbes alleges that the Dell Service Tag Detector app* is so insecure that it creates a backdoor on machines it is installed upon.

More specifically, Forbes alleges that the app caries a Remote Code Execution (RCE) risk which, if true, would create a means for hackers and cyberspies to smuggle malware onto vulnerable systems.

An attacker could trigger the program to download and execute an arbitrary file without any user interaction, according to Forbes.

"The little 'Dell Service Tag Detector' program that they push people to download on the Dell.com website does a lot more than just detect service tags - it gives Dell access to your entire machine, allowing them to download and install software and collect system information without you knowing," Forbes told El Reg.

The issue was reported to Dell in November, fixed two months later in January. Forbes only went public about it this week.

Forbes' detailed technical write up of the issue can be found here.

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Dell denies 'insecure autoupdate app'
 

gfxgfx
gfx
©2005-2016 WinMXWorld.com. All rights reserved.
SMF 2.0.12 | SMF © 2016, Simple Machines
Page created in 0.039 seconds with 22 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!