Announcement

Collapse
No announcement yet.

Splashtop Security Hole Exposed

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    should i already have this? and if not where can i get one.

    Comment


    • #12
      Hi:

      I want to buy the newest asus nj10 because of the express gate function,

      do it still have the security hole?

      I intend to do internet banking from splashtop,then will my password will be seen by other people?
      Because I used to use a fedora linux cd but since it need longer waiting time,then I consider express gate can be a better option,

      Is there other way to help me hacking it ,make it secure to use banking online,and I cannot afford a hardware firewall!

      thanks

      Comment


      • #13
        Well you should update to the latest splashtop then. Then the apache is more restricted. When https is used and you do not have to accept a new certificate it is in most cases secure. If you need java a pure splashtop will not fit your need. Well i created a java addon

        Comment


        • #14
          Originally posted by Kano View Post
          Well you should update to the latest splashtop then. Then the apache is more restricted. When https is used and you do not have to accept a new certificate it is in most cases secure. If you need java a pure splashtop will not fit your need. Well i created a java addon
          Hello:

          well ,I forgot java may be a problem,could you post the instruction how to make it? very grateful!thanks,

          one post show it is writable because userfile will be saved,seems it is slightly insecure than a readonly linux live cd,which I solely depend on using for banking security.

          Comment


          • #15
            Well of course you can use a Linux live cd, Kanotix has for example Java preinstalled - could be started from hd or usb stick too btw.

            Comment


            • #16
              Below is the email reply from splashtop representative,
              !

              ...

              Thanks for your inquiry and interest in Splashtop.

              In short, the local file-system exposed security hole reported back in July, 2008 has long been fixed in newer releases of Splashtop (and its derivatives).

              ...

              Comment


              • #17
                Well there is still one attack possible, you can access files from the system when you know the full path already. At least the hd is not exposed to the network. When you don't need the picture viewer or mp3 player you can remove bs-apache.sqx, then the problem is gone completely. The bug was fixed, but for example HP still does not provide an update to Voodoo ISO with that fix - still at version 1.0.

                Comment


                • #18
                  Help! again.

                  I just had to reformat my hd and it took off expressgate...how do i get it back?

                  Comment


                  • #19
                    Use the Win installer? Like you find on the support page for P5Q.

                    Comment


                    • #20
                      I have an asus...and all i had to do to restore was hit f9 on startup...but it didn't reinstall it. now it says to use the expressgate setup but i can't find that anywhere on my computer.

                      Comment

                      Working...
                      X