Displaying items by tag: Backdoor

This one goes in both the “failure of imagination” and “this is why we can’t have nice things” category. It seems that Gigabyte, for some reason, decided to embed an insecure update function into the UEFI BIOS of their motherboards, then shipped roughly 7 million of them to customers. The fatal flaw? Well, this is an update function that runs on startup. It writes a file to disk, reaches out to update servers over open HTTP then downloads any updates and installs them.

Published in News

Juniper has acknowledged that “unauthorized code” was somehow inserted into their ScreenOS. The code appears to have been around since at least 2012 which means that it went unnoticed during multiple code updates, patches and even full version updates. Although the code was buried deep in cores parts of the OS it still should have been noticed during at least one update over the last three years.

Published in News