CERT/CC warns of security issue in Samsung Magician SSD software

Posted 19 June 2017 18:10 CEST by Jan Willem Aldershoff

The CERT Coordination Centre (CERT/CC) of Carnegie Mellon University warns of a vulnerability in Samsung’s Magician software that, in certain cases, makes it possible to use it to infect computers with malware. Samsung Magician is a tool to manage, test and update Samsung SSDs.

 

Prior to version 5.0 of the software, the automatic update feature used unencrypted HTTP to check for and download new updates. With version 5.0, Samsung changed to HTTPS, but the tool didn’t properly check the SSL certificate being used. This makes it possible for an attacker on the same network as the victim to perform a man-in-the-middle attack. For example, the attacker could offer a malicious update that could be executed with administrator privileges.

Samsung has now released Magician 5.1. Because the automatic update feature is vulnerable, CERT/CC advises updating Samsung Magician manually until Samsung releases an update that fixes the vulnerability.
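To make the two failure modes above concrete (plain HTTP before 5.0, HTTPS without certificate checking in 5.0), here is an added Python sketch of an update client that refuses both. It is not Samsung's code; all function names and the sample payload are hypothetical, and the digest check is an extra defence-in-depth step that the advisory itself does not describe.

```python
import hashlib
import hmac
import ssl
import urllib.request
from urllib.parse import urlsplit


def unverified_context():
    """Models the 5.0-style flaw: TLS is used, but the certificate is never checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # any certificate, including a forged one, is accepted
    return ctx


def verified_context():
    """Chain and hostname verification against the system trust store."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return the reasons a TLS context is unsafe for fetching updates."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


def open_update(url, ctx, opener=urllib.request.urlopen):
    """Open an update URL only over HTTPS with full certificate validation."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS update URL (the pre-5.0 behaviour)")
    findings = audit_context(ctx)
    if findings:
        raise ValueError("refusing unsafe TLS context: " + "; ".join(findings))
    return opener(url, context=ctx, timeout=10)


def update_is_trusted(payload, expected_sha256_hex):
    """Assumed extra layer: compare the download with a digest obtained
    out of band before anything is executed with administrator rights."""
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.lower())
```
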


