After last week when several laptop OEMs, including Lenovo once again, were caught installing highly insecure bloatware on their laptop you might hope that this week would be different. Sadly you would be mistaken as once again software preinstalled on laptops is in the news. In this case it is ASUS Live Update which transmits requests for updates in plain text and does not check any software updates which come back for authenticity. This of course leaves you wide open for man in the middle attacks, where someone posing as those update servers could feed you whatever installation files they desired. As the pull quote from The Inquirer below states, removing it immediately would be a very good idea.
"My advice to anyone who purchased an Asus device: remove LiveUpdate. It's really that simple. If you're an IT administrator, find devices making periodic calls to Asus's domains and blackhole them, get the user to come and see you,"
Here is some more Tech News from around the web:
- Siemens Now Commands An Army Of Spider Robots @ Slashdot
- Quieting Scary Web Browser SSL Alerts @ Linux.com
- Microsoft thinks it's fixed Windows Server mess its last fix 'fixed' @ The Register
- AMD Technologies Revealed at Computex 2016 @ Tech ARP
- Computex 2016 Live Coverage Day 5 @ Tech ARP
- Computex 2016 Live Coverage Day 4 @ Tech ARP