Jump to content
Rui Carlos

Software da Sennheiser comprometeu segurança de ligações SSL

Recommended Posts

Rui Carlos
Citação

Sennheiser Headset Software Could Allow Man-in-the-Middle SSL Attacks

When users have been installing Sennheiser's HeadSetup software, little did they know that the software was also installing a root certificate into the Trusted Root CA Certificate store.  To make matters worse, the software was also installing an encrypted version of the certificate's private key that was not as secure as the developers may have thought.

[...]

Fonte: https://www.bleepingcomputer.com/news/security/sennheiser-headset-software-could-allow-man-in-the-middle-ssl-attacks/

Citação

Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs

Audio device maker Sennheiser has issued a fix for a monumental software blunder that makes it easy for hackers to carry out man-in-the-middle attacks that cryptographically impersonate any big-name website on the Internet. Anyone who has ever used the company’s HeadSetup for Windows or macOS should take action immediately, even if users later uninstalled the app.

[...]

Fonte: https://arstechnica.com/information-technology/2018/11/sennheiser-discloses-monumental-blunder-that-cripples-https-on-pcs-and-macs/


Mais uma empresa a brincar com certificados SSL de raiz...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

By using this site you accept our Terms of Use and Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.