Several years ago, students at UMass Amherst discovered how to co-opt an automated software update mechanism to gain root access on a computer. The most significant security flaw involved a McAfee anti-virus product whereby an automatic, nightly update allowed the students to get root access on a Mac. Back then, the students wrote code manually.
Fast forward from 2006 to 2009. Now security researchers have reportedly created an automated tool to discover insecure software updates. There are likely a lot of vulnerable products out there, and it's not surprising that many small software houses forget to test whether the backdoor is kept locked: the software update.
Our original paper and video demonstration shows how to co-opt a software update mechanism built into an anti-virus product to gain root on a Mac. Fortunately, that particular bug has been reportedly patched. But what else remains unpatched?
Monday, August 24, 2009
Thursday, August 20, 2009
The Real Reasons to Support Language Study
Refreshing comments about the importance of studying languages appeared in the Chronicle of Higher Education.
http://chronicle.com/article/The-Real-Reasons-to-Support/47450/
http://chronicle.com/article/The-Real-Reasons-to-Support/47450/
Subscribe to:
Posts (Atom)