mailing list archives
Re: Evilgrade 2.0 - the update explotation framework is back
From: Jacky Jack <jacksonsmth698 () gmail com>
Date: Mon, 1 Nov 2010 03:32:45 +0800
It's now a time for vendors to re-consider their updating scheme.
And do what differently, exactly?
To name a few, developers can do code signing, ssl certificates
verification like our favorite Firefox and methods used by AV vendors.
There have been cheap/free SSL certificate vendors like startssl.
This task should/would not be a huge pain. It's that simple.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/