"Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service delivered updates over HTTP, a protocol vulnerable to attacks that corrupt or tamper with data as it travels over the Internet."
No encryption, no validation, no signatures, five years undetected.
You night think this is an exceptionally bad vendor, but this is par for the course.
Kris /
npub1v5…lxe4h
2024-04-24 07:36:56
in reply to nevent1q…ed85
Author Public Key
npub1v5n76jecsme7ng2ys0ecq90fvmltaju9zfv4zrl4fjeva07yumaqglxe4hPublished at
2024-04-24 07:36:56Event JSON
{
"id": "88ab081be98fe8838d95dd1e4edab90f209eba8c8bc29218c3eeeffe83a10903",
"pubkey": "6527ed4b3886f3e9a14483f38015e966febecb851259510ff54cb2cebfc4e6fa",
"created_at": 1713937016,
"kind": 1,
"tags": [
[
"e",
"4976269c97ce26aac4f10b7f7a28f9ac84ab31e760ddf954ac234c011727efae",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://chaos.social/users/isotopp/statuses/112324576305324827",
"activitypub"
]
],
"content": "\"Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service delivered updates over HTTP, a protocol vulnerable to attacks that corrupt or tamper with data as it travels over the Internet.\"\n\nNo encryption, no validation, no signatures, five years undetected.\n\nYou night think this is an exceptionally bad vendor, but this is par for the course.",
"sig": "b6da9f33f60a4863bd445931c06c32bd2e4f5bb641085f0488c6774c0a2d0636583f353b489932a88c17c6390df0fb36d405f72338810d41bc4e9da48a016c9c"
}