Out-Of-the-Box Exploitation Possible On PCs From Top 5 OEMs (arstechnica.com) 81
According to a report published by two-factor authentication service Duo Security, third-party updating tools installed by Dell, HP, Lenovo, Acer, and Asus (the top five Windows PC OEMs) are exposing their devices to man-in-the-middle attacks. Dan Goodin, reports for Ars Technica: The updaters frequently expose their programming interfaces, making them easy to reverse engineer. Even worse, the updaters frequently fail to use transport layer security encryption properly, if at all. As a result, PCs from all five makers are vulnerable to exploits that allow attackers to install malware.Duo Security adds: Hacking in practice means taking the path of least resistance, and OEM software is often a weak link in the chain. All of the sexy exploit mitigations, desktop firewalls, and safe browsing enhancements can't protect you when an OEM vendor cripples them with pre-installed software.