[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back

To: Benji <me@xxxxxxxxx>
Subject: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
From: Jacky Jack <jacksonsmth698@xxxxxxxxx>
Date: Mon, 1 Nov 2010 03:32:45 +0800

> It's now a time for vendors to re-consider their updating scheme.

>> And do what differently, exactly?


To name a few, developers can do code signing, ssl certificates
verification like our favorite Firefox and methods used by AV vendors.
There have been cheap/free SSL certificate vendors like startssl.
This task should/would not be a huge pain. It's that simple.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
Next by Date: Re: [Full-disclosure] Joomla 1.5.21 | Potential SQL Injection Flaws
Previous by thread: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
Next by thread: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
Index(es):
- Date
- Thread