LAS VEGAS–Two researchers from Israeli security firm Radware have figured out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications.
Thank you, Pete. This sounds like a vulnerability to a bogus wifi hotspot or hijacked wifi dns server. I’ll be careful where I do my software updates and my online banking too. Using a desktop computer provides me with lots of protection in this case.
Fortunately, according to the blog author, they’ve only identified
About 100 applications, many among the most popular on CNET’s Download.com
Mostly amateurs, I bet. I wish the author had done a little more research and reported if any of the major software products were vulnerable. Lacking any evidence to the contrary, I doubt they are. I love this info from one of the “security researchers”:
The researchers said they had not tested whether Firefox or other major browsers are vulnerable.
Let’s see. You tested 100 applications, but didn’t test any of the major browsers? I suspect that’s because they were pretty sure they wouldn’t find a vulnerable update process there.
People should be careful when using public Wi-Fi networks and avoid doing software updates on them, he said.
Be careful? I should hope so, but it should be safe for most major, professionally developed products.