Information security centric blog. Covering administrative, technical and governance security issues. Topics include compliance, Microsoft Windows, Apple OS X, Solaris, Unix and Linux technical how-to. Discussions regarding penetration testing, security assessments, and security controls. Opinions related to PCI-DSS, NERC, FERC, ISO27000 and other compliance related themes.
If you've been keeping up with the news today regarding the McBlunder by McAfee, you might not have thought of the chance that this might be intentional and malicious. About a year ago a security researcher documented a case where a remote update was maliciously replaced with other code. Now, most products that do remote updates require some cryptographic signature to make sure that the update is legit (I assume, but don't know for sure, that this is the case for McAfee updates), but what if the update was tampered with and changed before it was signed? A signature only shows that the update came from whoever holds the signing key; it says nothing about whether the content was already altered when it was signed. This is not too far-fetched, and it certainly damages McAfee; malware authors never pass up these types of opportunities. It will be interesting to see if this angle is explored at all, or at least what McAfee releases after the internal investigation.
And for those affected - here is the official fix at this time via McAfee