I'm not sure why I couldn't convince the security team that this is a
security issue. The ability for an attacker to write arbitrary information
to your software update database sounds like a pretty darn big security
flaw.
Bryan Harris, PE
Research Engineer
Structures and Materials Evaluation Gro
Even ignoring the fact that this is a huge security issue, a computer
connecting to free wifi at Starbucks should not irreversibly corrupt the
update process requiring manual intervention.
Bryan Harris, PE
Research Engineer
Structures and Materials Evaluation Group
University of Dayton Research I
Yes, this bug is a PITA. I can't see why something as important as an
update list isn't cryptographically verified. Heck, even a quick md5sum
check would catch this 99.9% of the time.
Bryan Harris, PE
Research Engineer
Structures and Materials Evaluation Group
University of Dayton Research I