
Duo in the news: Wired covers Duo Labs' OEM vulnerability report!

mkorovesisduo
Level 4

Last month’s report on OEM software vulnerabilities from Duo Labs (pdf) was covered in a lot of different news articles. Wired put out one of the best pieces on it, which you can read here.

Wired also covered how some of the manufacturers reacted to our findings.

As varied as their security stances were, the vendors also varied in how easy they made it to report security problems. While Lenovo, HP and Dell all had direct channels for reporting security problems with their software, Acer and Asus did not, leaving Duo researchers to attempt contact through their customer support channels multiple times via email and phone calls before they got a response.

How the vendors responded to the researchers also varied. HP has already patched the most egregious vulnerabilities the researchers found. Lenovo addressed its problems by simply removing the vulnerable software from affected systems. Duo reported the problems to the vendors more than four months ago, but Acer and Asus still haven’t indicated when they will fix the problems or if they will.

“Asus told us they were going to patch in a month, then they backed off on that after we pointed out that their planned patch was also flawed,” says Steve Manzuik, director of security research at Duo Labs. “And that’s when our communication broke down with them.”

Check it all out on Wired’s site.
