Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 24

Thread: Splashtop Security Hole Exposed

  1. #11
    Join Date
    Nov 2008
    Posts
    10

    Post

    should i already have this? and if not where can i get one.

  2. #12
    Join Date
    Nov 2008
    Posts
    3

    Default

    Hi:

    I want to buy the newest asus nj10 because of the express gate function,

    do it still have the security hole?

    I intend to do internet banking from splashtop,then will my password will be seen by other people?
    Because I used to use a fedora linux cd but since it need longer waiting time,then I consider express gate can be a better option,

    Is there other way to help me hacking it ,make it secure to use banking online,and I cannot afford a hardware firewall!

    thanks

  3. #13
    Join Date
    Aug 2007
    Posts
    6,631

    Default

    Well you should update to the latest splashtop then. Then the apache is more restricted. When https is used and you do not have to accept a new certificate it is in most cases secure. If you need java a pure splashtop will not fit your need. Well i created a java addon

  4. #14
    Join Date
    Nov 2008
    Posts
    3

    Default

    Quote Originally Posted by Kano View Post
    Well you should update to the latest splashtop then. Then the apache is more restricted. When https is used and you do not have to accept a new certificate it is in most cases secure. If you need java a pure splashtop will not fit your need. Well i created a java addon
    Hello:

    well ,I forgot java may be a problem,could you post the instruction how to make it? very grateful!thanks,

    one post show it is writable because userfile will be saved,seems it is slightly insecure than a readonly linux live cd,which I solely depend on using for banking security.

  5. #15
    Join Date
    Aug 2007
    Posts
    6,631

    Default

    Well of course you can use a Linux live cd, Kanotix has for example Java preinstalled - could be started from hd or usb stick too btw.

  6. #16
    Join Date
    Nov 2008
    Posts
    3

    Default

    Below is the email reply from splashtop representative,
    !

    ...

    Thanks for your inquiry and interest in Splashtop.

    In short, the local file-system exposed security hole reported back in July, 2008 has long been fixed in newer releases of Splashtop (and its derivatives).

    ...

  7. #17
    Join Date
    Aug 2007
    Posts
    6,631

    Default

    Well there is still one attack possible, you can access files from the system when you know the full path already. At least the hd is not exposed to the network. When you don't need the picture viewer or mp3 player you can remove bs-apache.sqx, then the problem is gone completely. The bug was fixed, but for example HP still does not provide an update to Voodoo ISO with that fix - still at version 1.0.

  8. #18
    Join Date
    Nov 2008
    Posts
    10

    Exclamation Help! again.

    I just had to reformat my hd and it took off expressgate...how do i get it back?

  9. #19
    Join Date
    Aug 2007
    Posts
    6,631

    Default

    Use the Win installer? Like you find on the support page for P5Q.

  10. #20
    Join Date
    Nov 2008
    Posts
    10

    Default

    I have an asus...and all i had to do to restore was hit f9 on startup...but it didn't reinstall it. now it says to use the expressgate setup but i can't find that anywhere on my computer.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •