Posted by HardOCP News 6:31 PM (CDT)
Tuesday May 31, 2016
While I know all of you build your own computers, we all have friends and loved ones that could be affected by something like this. Some of the companies named in the article have already fixed the flaws but others haven't, so this is good info to have.
Duo Security says it found vulnerabilities in the update software for Acer, ASUS, Dell, HP and Lenovo. Some vendors were more secure than others in Duo's testing, but all of them were insecure enough that you could launch a man-in-the-middle attack and run your own code. In the worst cases, they'd send update data without any encryption or validation.