gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
75033 Posts in 13122 Topics by 2622 Members - Latest Member: tiit20 January 18, 2017, 01:35:49 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Dell denies 'insecure autoupdate app'
gfx
gfxgfx
 

Author Topic: Dell denies 'insecure autoupdate app'  (Read 310 times)

0 Members and 1 Guest are viewing this topic.

Dell denies 'insecure autoupdate app'
« on: March 25, 2015, 03:19:08 am »
http://www.theregister.co.uk/2015/03/24/dell_update_app_security_flap/

Quote
Dell has denied building backdoors into its kit following a security researcher's discovery of an insecure update assistant app.

Tom Forbes alleges that the Dell Service Tag Detector app* is so insecure that it creates a backdoor on machines it is installed upon.

More specifically, Forbes alleges that the app caries a Remote Code Execution (RCE) risk which, if true, would create a means for hackers and cyberspies to smuggle malware onto vulnerable systems.

An attacker could trigger the program to download and execute an arbitrary file without any user interaction, according to Forbes.

"The little 'Dell Service Tag Detector' program that they push people to download on the Dell.com website does a lot more than just detect service tags - it gives Dell access to your entire machine, allowing them to download and install software and collect system information without you knowing," Forbes told El Reg.

The issue was reported to Dell in November, fixed two months later in January. Forbes only went public about it this week.

Forbes' detailed technical write up of the issue can be found here.

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Dell denies 'insecure autoupdate app'
 

gfxgfx
gfx
©2005-2017 WinMXWorld.com. All rights reserved.
SMF 2.0.13 | SMF © 2016, Simple Machines
Page created in 0.015 seconds with 25 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!