Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Evilgrade 2.0 - the update explotation framework is back
From: Jacky Jack <jacksonsmth698 () gmail com>
Date: Mon, 1 Nov 2010 03:32:45 +0800

It's now a time for vendors to re-consider their updating scheme.

And do what differently, exactly?


To name a few, developers can do code signing, ssl certificates
verification like our favorite Firefox and methods used by AV vendors.
There have been cheap/free SSL certificate vendors like startssl.
This task should/would not be a huge pain. It's that simple.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]