Full Disclosure: Re: Evilgrade 2.0 - the update explotation framework is back

[Jacky Jack <jacksonsmth698 () gmail com>]

> It's now a time for vendors to re-consider their updating scheme.
> > And do what differently, exactly?

To name a few, developers can do code signing, ssl certificates
verification like our favorite Firefox and methods used by AV vendors.
There have been cheap/free SSL certificate vendors like startssl.
This task should/would not be a huge pain. It's that simple.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/