AMD denies researcher a $10,000 bug bounty after fixing critical auto-updater vulnerability — security flaw took 124 days to patch (www.tomshardware.com)

Posted by sanitation@lemmy.today to Technology@lemmy.world · English · 2 days ago · 90 comments · cross-posted to: technology@lemmit.online
teohhanhui@lemmy.world · English · 1 day ago (edited)

Although it is true that they now fully use HTTPS, the claim about signature verification is untrue; they only perform a CRC-32 check on the downloaded executable, which is not cryptographically secure.

This is the wording from the blog post. Tom’s Hardware just rephrased it very poorly. (see e.g. https://www.reddit.com/r/hardware/comments/1ixgas1/articles_from_tomshardwarecom_should_be_banned/)
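Added example (not from the comment above, the blog post, or AMD's updater): why a matching CRC-32 does not authenticate a downloaded file. A pinned SHA-256 digest stands in for signature verification here because the Python standard library has no signature primitives; all function names and sample bytes are constructed for illustration.

```python
import hashlib
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial used by zlib


def _unwind_four_zero_bytes(state: int) -> int:
    """Run the CRC-32 shift register backwards over 32 zero bits."""
    for _ in range(32):
        if state & 0x80000000:
            state = (((state ^ POLY) << 1) | 1) & 0xFFFFFFFF
        else:
            state = (state << 1) & 0xFFFFFFFF
    return state


def suffix_matching_crc(data: bytes, target_crc: int) -> bytes:
    """Four bytes that make crc32(data + suffix) equal target_crc.

    CRC-32 is linear over GF(2), so this is plain algebra with no search.
    """
    state = zlib.crc32(data) ^ 0xFFFFFFFF   # register after `data`
    wanted = target_crc ^ 0xFFFFFFFF        # register that yields target_crc
    return (state ^ _unwind_four_zero_bytes(wanted)).to_bytes(4, "little")


def crc_only_check(blob: bytes, expected_crc: int) -> bool:
    """Checksum-only verification: detects accidental corruption only."""
    return zlib.crc32(blob) == expected_crc


def digest_check(blob: bytes, expected_sha256: str) -> bool:
    """Digest pinned from a trusted source (stand-in for a signature check)."""
    return hashlib.sha256(blob).hexdigest() == expected_sha256


# Constructed sample data, not real update payloads.
RELEASED = b"constructed sample: released update payload v1\n"
ALTERED = b"constructed sample: payload altered after release\n"
EXPECTED_CRC = zlib.crc32(RELEASED)
EXPECTED_SHA256 = hashlib.sha256(RELEASED).hexdigest()
PADDED = ALTERED + suffix_matching_crc(ALTERED, EXPECTED_CRC)

if __name__ == "__main__":
    print("CRC-32 accepts altered blob: ", crc_only_check(PADDED, EXPECTED_CRC))
    print("SHA-256 accepts altered blob:", digest_check(PADDED, EXPECTED_SHA256))
```

The checksum passes for different content while the digest comparison fails, which is the gap between an error-detecting code and a cryptographic integrity check.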