Jump to content

pck1980

Members
  • Posts

    7
  • Joined

  • Last visited

Posts posted by pck1980

  1. If the CRC is also fetched via http, an attacker could redirect this request as well and provide the correct CRC for his own ZIP - unless you hardcoded the IP(s) of your server(s), which would make such a redirect more difficult (though probably not impossible).

    And as CRC doesn't detect all errors, one could probably even craft a ZIP file with different content, but the same CRC. A cryptographic hash such as SHA256 would avoid this.

  2. Thanks for your reply.

    But CRC does not suffice to detect deliberate manipulation, e.g. if an attacker would provide his own ZIP package. This could be done by redirecting requests for the "official" download server to some other that is under the control of the attacker, e.g. in a public WiFi. While this probably isn't an attack vector that's exploited on a daily basis, I still think it is something that should be fixed.

  3. On 19.4.2017 at 3:30 PM, Fiery said:

    The next AIDA64 stable update is scheduled for May or June, although there are many factors that could delay that release, for example the recent changes in AMD and Intel CPU roadmaps.  But please note that our beta builds are considered "quite stable", so you should give the latest one a chance ;)

     

    Thank you for your reply. With the latest update, it seems that the "CPU diode" value doesn't include this offset any more. :-)

    But for some reason, the "CPU" value is still 15 degrees below "CPU diode" (as it was with the previous version of AIDA64), so I'm now getting values of around 20 degrees here.

    In other words: The value reported by the motherboard seems to have changed with the latest version of AIDA64 as well, which seems kinda odd...

  4. With the release of the latest update, I realized that the updater of AIDA64 downloads the update via http, not https. As this would theoretically allow for man-in-the-middle attacks, I'd like to know whether the updater ensures that the correct update is downloaded and applied, e.g. by verifying its digital signature.

    EDIT: I accidentally posted this in the wrong forum - perhaps someone can move the thread to "General discussions" or wherever it seems to match best...

  5. Thank you for the quick reply. Do you already know when the next stable update will be released that will include these changes?

    Considering the CPU temperature, it seems that Gigabyte messed up something. Unfortunately, it's hard to tell which value the BIOS shows, as the CPU tends to get hotter there anyway. I'll have to have a look directly after system startup.

  6. Hi,

    I'm using the latest stable version of AIDA64 to monitor the system temperatures on my PC (Ryzen 1800X on Gigabyte GA-AB350M Gaming 3). Today, I noticed that AIDA64 shows strange values for the CPU temp, which I think started with a BIOS update from F2 to F4.

    CPU Diode seems to show the same temperature as AMD's Ryzen Master, but with a 20-degree offset (which is intended for the 1800X, but the latest update of Ryzen Master removed that offset). The second CPU temperature AIDA64 shows (simply labled 'CPU') however is now completely messed up: When the system is idle, it sometimes goes down to values below 20 degrees Celsius.

    It seems to me that it is always some 15 degrees below the temperature shown by Ryzen Master (which hopefully is the real one) and thus approx. 35 degrees below the value shown under 'CPU diode'.

    It would be great if 'CPU' would show the real temperature (again) and if the 20-degree offset was removed from 'CPU diode'.

×
×
  • Create New...