AMD denies researcher a $10,000 bug bounty after fixing critical auto-updater vulnerability — security flaw took 124 days to patch

Posted by sanitation@lemmy.today to Technology@lemmy.world · 16 days ago · www.tomshardware.com · cross-posted to: amd@lemmy.zip

teohhanhui@lemmy.world · 16 days ago

> Although it is true that they now fully use HTTPS, the claim about signature verification is untrue; they only perform a CRC-32 check on the downloaded executable, which is not cryptographically secure.

This is the wording from the blog post. Tom’s Hardware just rephrased it very poorly. (see e.g. https://www.reddit.com/r/hardware/comments/1ixgas1/articles_from_tomshardwarecom_should_be_banned/)
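
On the quoted point that a CRC-32 check is not cryptographically secure, the following is an added example, not code from the comment, the blog post or AMD's updater. It shows that CRC-32 is an affine function (the checksum of an XOR of equal-length inputs is fully determined by the individual checksums) while SHA-256 has no such structure, and how an updater would compare against a pinned digest; all function names and sample byte strings are constructed for illustration.

```python
import hashlib
import hmac
import zlib


def xor_bytes(*blobs: bytes) -> bytes:
    """XOR equal-length byte strings together."""
    out = bytearray(len(blobs[0]))
    for blob in blobs:
        if len(blob) != len(out):
            raise ValueError("inputs must have equal length")
        for i, byte in enumerate(blob):
            out[i] ^= byte
    return bytes(out)


def crc32_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """True if CRC-32(a^b^c) equals CRC-32(a) ^ CRC-32(b) ^ CRC-32(c)."""
    predicted = zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)
    return zlib.crc32(xor_bytes(a, b, c)) == predicted


def sha256_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """Same test on SHA-256 digests; a secure hash must fail it."""
    predicted = xor_bytes(*(hashlib.sha256(x).digest() for x in (a, b, c)))
    return hashlib.sha256(xor_bytes(a, b, c)).digest() == predicted


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def verify_download(blob: bytes, pinned_sha256_hex: str) -> bool:
    """Accept a download only if it matches a pinned SHA-256 digest.

    Assumption: the pinned digest comes from metadata that is itself
    authenticated (for example a signed manifest); a digest fetched next to
    the file from the same server adds nothing over the CRC.
    """
    return hmac.compare_digest(sha256_hex(blob), pinned_sha256_hex.lower())


# Constructed sample inputs of equal length (not real installer data).
A = b"constructed installer image v1.0"
B = b"constructed installer image v1.1"
C = b"constructed installer image v2.0"

if __name__ == "__main__":
    print("CRC-32 affine:", crc32_is_affine(A, B, C))
    print("SHA-256 affine:", sha256_is_affine(A, B, C))
    print("pinned digest accepts A:", verify_download(A, sha256_hex(A)))
    print("pinned digest accepts B:", verify_download(B, sha256_hex(A)))
```

A CRC is designed to catch accidental corruption; its 32-bit output and algebraic structure mean it gives no assurance about who produced the file, which is what a signature check provides.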