Sign in / up

back to article NOD32 AV remote root wormable hack turns corporate fleets to meat

Google Project Zero bod Tavis Ormandy has disclosed a "trivial" means of remotely hack the ESET NOD32 antivirus platform. Ormandy's finding prompted the Slovak company to rush a patch a day before his disclosure overnight. The remote-root exploit is potentially wormable and, he said, of practical value to criminals. "Any …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    "Ormandy's finding prompted the Slovak company to rush a patch a day before his disclosure overnight." ... "It slung a patch within an impressive three days of Google's Project Zero 90 day patch-or-die disclosure policy"

    If it's only 3 days into the 90 day patch-or-die timescale, would it not be more responsible for Google / Ormandy to hold off for the 90 day period (or at least a little longer) so the patch isn't a rushed job? It would also give admins time to apply the patch as well - given it's so 'trivial' to exploit.

    8 0 Reply
    1. RyokuMas
      Reply Icon
      Devil

      Agreed...

      While in this connected age I think that it's everyone's responsibility to assist in making sure that systems are as secure as possible, this attitude of "here's an exploit I've found, I'm going public with it tomorrow" is irresponsible at best, corporate sabotage at worst...

      5 0 Reply
    2. sisk
      Reply Icon

      The patch was released 3 days into the 90 day timescale. The article doesn't say when that was. It could well have been 3 months ago.

      0 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        The patch was released on the 22nd, from http://googleprojectzero.blogspot.co.uk/2015/06/analysis-and-exploitation-of-eset.html: "ESET released an update to their scan engine on 22-Jun-2015."

        But even if it was 3 months ago, it was still made public on day 4 of the 90 day timescale which isn't a huge amount of time for testing.

        0 0 Reply
  2. Captain Scarlet
    Paris Hilton

    Is title Correct?

    I assume the security suite and other products with the same script scanners not running the pre-release engine are affected as well?

    I could be wrong but nothing on the Eset site confirm what was affected and haven't seen any updates on my Eset install (Security Suite).

    2 0 Reply
  3. prince_huggy

    As long as your updates are working and you are above Update 11824, all should be OK.

    I think ESET did a good job on this and patched up within 3 days of finding out.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like