Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The automatic update features in many software applications are proving to be vulnerable to attack. Hackers are taking notice. You should, too.
There's been considerable discussion recently about how automatic software updates, such as those to download security patches, can be used as potential vectors of attack. This is unfortunate, as one of the primary tenets of keeping systems relatively secure is to maintain current patch levels. And when most users, including probably most businesses, need to update their systems, they tend to trust and download the updates presented to them without confirming their authenticity.
Consider what happened earlier this year with the servers Red Hat uses to publish software packages to its users. At the end of August, Red Hat confirmed that hackers had compromised infrastructure servers used by the company and the Fedora Project. These were the servers used to actually sign Fedora software packages. And while Red Hat expressed confidence that the passphrase used to secure its software packages wasn't stolen, it did update their signing keys.
Registered users may log in here.
Login or Register now and get unlimited access.