AMD denies researcher a $10,000 bug bounty after fixing critical auto-updater vulnerability — security flaw took 124 days to patch (www.tomshardware.com)
sanitation@lemmy.today to Technology@lemmy.world · English · 23 hours ago · 49 comments

teohhanhui@lemmy.world · English · 9 hours ago (edited)

Although it is true that they now fully use HTTPS, the claim about signature verification is untrue; they only perform a CRC-32 check on the downloaded executable, which is not cryptographically secure.

This is the wording from the blog post. Tom’s Hardware just rephrased it very poorly. (see e.g. https://www.reddit.com/r/hardware/comments/1ixgas1/articles_from_tomshardwarecom_should_be_banned/)