üzenetek

hozzászólások


dabadab
(félisten)
Blog

Aztaq... most megnéztem a Gigabyte-ot, ez egyszerre baromi vicces és tragikus:

2018-04-24: SecureAuth sent an initial notification to services@gigabyte and services@gigabyteusa and requested for a security contact in order to send a draft advisory.
2018-04-30: Gigabyte Technical support team answered saying the notification was too general and requested SecureAuth to open a ticket in the Support portal.
[...]
2018-05-04: Gigabyte Technical support team replied saying that Gigabyte is a hardware company and they are not specialized in software, and requested for technical information.
[...]
2018-05-16: Gigabyte Technical support team answered that Gigabyte is a hardware company and they are not specialized in software. They requested for technical details and tutorials to verify the vulnerabilities.
[...]
2018-05-16: Gigabyte replied saying that the draft advisory was general and asked for a personal contact.
[...]
2018-05-16: Gigabyte replied saying that the draft advisory was general and asked for a phone contact again.
[...]
2018-07-12: Gigabyte responded that, according to its PM and engineers, its products are not affected by the reported vulnerabilities.
2018-12-18: Advisory CORE-2018-0007 published as 'user release'.

Szóval nagyjából három hónapon keresztül odáig nem sikerült eljutniuk, hogy a proof-of-conceptet kipróbálják, hogy tényleg lássák, hogy a saját drivereikben ott a biztonsági rés, majd a végén letagadták az egészet.

[ Szerkesztve ]

üzenetek