Kris on Nostr: "Hackers abused an antivirus service for five years in order to infect end users with ...
"Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service delivered updates over HTTP, a protocol vulnerable to attacks that corrupt or tamper with data as it travels over the Internet."
No encryption, no validation, no signatures, five years undetected.
You night think this is an exceptionally bad vendor, but this is par for the course.
Published at
2024-04-24 05:36:56Event JSON
{
"id": "88ab081be98fe8838d95dd1e4edab90f209eba8c8bc29218c3eeeffe83a10903",
"pubkey": "6527ed4b3886f3e9a14483f38015e966febecb851259510ff54cb2cebfc4e6fa",
"created_at": 1713937016,
"kind": 1,
"tags": [
[
"e",
"4976269c97ce26aac4f10b7f7a28f9ac84ab31e760ddf954ac234c011727efae",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://chaos.social/users/isotopp/statuses/112324576305324827",
"activitypub"
]
],
"content": "\"Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service delivered updates over HTTP, a protocol vulnerable to attacks that corrupt or tamper with data as it travels over the Internet.\"\n\nNo encryption, no validation, no signatures, five years undetected.\n\nYou night think this is an exceptionally bad vendor, but this is par for the course.",
"sig": "b6da9f33f60a4863bd445931c06c32bd2e4f5bb641085f0488c6774c0a2d0636583f353b489932a88c17c6390df0fb36d405f72338810d41bc4e9da48a016c9c"
}
