Menu

The Unexpected Attack Vector: Software Updaters

Every day millions of computers perform silently a simple task with great risk exposure: download and execute code through a software updater. An updater introduces a dangerous attack surface represented by unsafe code practice, unsecure protocols or server infrastructure not adequately protected. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.Every day millions of computers perform silently a simple task with great risk exposure: download and execute code through a software updater. An updater introduces a dangerous attack surface represented by unsafe code practice, unsecure protocols or server infrastructure not adequately protected. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.

Learning Objectives:
1: Learn about a new emerging attack vector (software supply chain and updaters).
2: Investigate findings from recent incidents involving software updates.
3: Rethink update distribution and mitigate the problem.

Speaker

Headshot

Elia Florio Research Lead, Microsoft

← View more Videos

This document was retrieved from http://www.rsaconference.com/videos/the-unexpected-attack-vector-software-updaters on Sat, 17 Aug 2019 20:43:31 -0400.