Security Alerts & News
by Tymoteusz A. Góral

History
#891 ASUS delivers BIOS and UEFI updates over HTTP with no verification
The ASUS LiveUpdate software that comes pre-installed on all ASUS computers downloads critical BIOS and UEFI updates via plaintext HTTP and installs them without verifying the content's source or validity.

The LiveUpdate toolkit is what you'd call bloatware or crapware, software prepacked on your computer that's already there when you boot up for the first time. Very few people are aware of its presence, and most of them think it should be there to begin with because it's provided by their laptop's manufacturer.

Unfortunately for ASUS customers, the company's official "bloatware" doesn't use the most secure mechanism to deliver updates, as US security researcher Morgan Gangwere has discovered.
Read more
#891 ASUS delivers BIOS and UEFI updates over HTTP with no verification
#890 On her microphone's secret service: How spies, anyone can grab crypto keys from the air
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12