sanitation@lemmy.today to Technology@lemmy.world · English · 3 days ago

AMD denies researcher a $10,000 bug bounty after fixing critical auto-updater vulnerability — security flaw took 124 days to patch

www.tomshardware.com

teohhanhui@lemmy.world · English · 2 days ago

Although it is true that they now fully use HTTPS, the claim about signature verification is untrue; they only perform a CRC-32 check on the downloaded executable, which is not cryptographically secure.

This is the wording from the blog post. Tom’s Hardware just rephrased it very poorly. (see e.g. https://www.reddit.com/r/hardware/comments/1ixgas1/articles_from_tomshardwarecom_should_be_banned/)