[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Timely, ASUS ships a package that defaults to downloading HTTP content and then executing it in a highly trusted way (BIOS/UEFI and more). 


I worry that the business case of "download random stuff online and execute it" is becoming increasingly common (hardware vendors, npm, rubygems.org, pypi, containers, etc.) and we're going to see a lot more stuff like this.

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: June 16, 2016