Google’s Project Zero chastised Trend Micro over security vulnerability

When you pay for security software, you probably hope it’s protecting you — not creating a massive security breach in and of itself. But if you ran Trend Micro’s password manager, enabled by default for all Trend Micro users, any site on the web could have executed any app on your computer just by including a bit of code.

A patch issued today mostly solves the problem. But as Ars Technica reports, that only happened because Google Project Zero team member Tavis Ormandy publicly berated the company.

“I don’t even know what to say — how could you enable this thing by default on all your customer machines without getting an audit from a competent security consultant?” wrote Ormandy in a long email exchange the company has since made public.

Ormandy claimed it took him “about 30 seconds” to find the vulnerability, and demonstrated it by quickly building a Web page that could remotely launch the Windows calculator if opened on a computer with the password manager installed and running, regardless of whether users were using it.

That’s true even if you don’t use the password manager, but it gets worse if you do: A related vulnerability made it possible to read all of a user’s saved usernames and passwords in plain text.

A recent update patches the exploit by only allowing Trend Micro sites to send such commands. If you use Trend Micro, make sure everything is up to date, or you might be extremely exposed to all sorts of problems.

But even if you do update, there still could be problems. As of today, Ormandy is saying this “is not sufficient to prevent attacks,” because something like DNS spoofing could trick your computer into thinking a command is coming from Trend Micro. Ormandy added that “a better solution would be to digital sign requests with a certificate.”
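
The difference between the two checks, as an added example that is not from the original article or from Trend Micro: a hypothetical local helper compares an origin allowlist with verifying a signature against a pinned vendor key. The host name `vendor.example`, the key pair, the message fields and all function names are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed key pair standing in for the vendor's; only the public half
// would ship inside the client, the private half stays on vendor servers.
const { publicKey: PINNED_PUBLIC_KEY, privateKey: vendorPrivateKey } =
  crypto.generateKeyPairSync('ed25519');
const ALLOWED_HOSTS = new Set(['vendor.example']); // placeholder host name

// Check 1 (the patch as described): accept by origin host name only.
function originAllowed(origin) {
  try { return ALLOWED_HOSTS.has(new URL(origin).hostname); }
  catch { return false; } // missing or malformed Origin header
}

// Vendor side (hypothetical): sign the exact bytes of the request body.
function vendorSign(body) {
  return crypto.sign(null, Buffer.from(body), vendorPrivateKey).toString('base64');
}

// Check 2 (the suggested fix): verify the signature with the pinned key,
// then require an unexpired `expires` field inside the signed body.
function signatureValid(body, signatureB64, now = Date.now()) {
  if (typeof body !== 'string') return false;
  const sig = Buffer.from(String(signatureB64 || ''), 'base64');
  if (sig.length !== 64) return false; // Ed25519 signatures are 64 bytes
  if (!crypto.verify(null, Buffer.from(body), PINNED_PUBLIC_KEY, sig)) return false;
  try {
    const msg = JSON.parse(body);
    return typeof msg.expires === 'number' && msg.expires > now;
  } catch { return false; }
}

function acceptRequest(req, now = Date.now()) {
  return originAllowed(req.origin) && signatureValid(req.body, req.signature, now);
}

// Constructed sample requests.
function demo(now = Date.now()) {
  const body = JSON.stringify({ action: 'sync', expires: now + 60000 });
  const genuine = { origin: 'https://vendor.example', body, signature: vendorSign(body) };
  // Same host name, but content not produced by the vendor: no valid signature.
  const spoofed = { origin: 'http://vendor.example', body, signature: Buffer.alloc(64).toString('base64') };
  return {
    spoofedPassesOriginCheck: originAllowed(spoofed.origin),
    spoofedAccepted: acceptRequest(spoofed, now),
    genuineAccepted: acceptRequest(genuine, now),
  };
}
console.log(demo());
```

The request that reuses the allowlisted host name passes the origin check but is rejected once a signature from the pinned key is required.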

Google Project Zero is a team of security researchers inside Google that finds zero-day exploits, problems that would otherwise be exploited by hackers. The team gives software companies 30 days to fix the problem, at which point it makes the problem public. The idea is to make the Internet a safer place by getting these exploits fixed before hackers can use them, though this has prompted controversy: Some companies feel this isn’t enough time. It is more time than a hacker would grant, though.

Justin Pot
Former Digital Trends Contributor