Lessons learned ? (DNS + Evilgrade)

After the dns + evilgrade fiasco I hope that insecure auto update functions are taken as serious as they should always have been Back in 2006 I warned about it when reporting that Zango Adware was downloading and executing udaptes without checking for authenticity. Zango fixed it eventually, my scenario I illustrated back then however was seen as unlikely event. Fast Forward 2 years - oops.

What is of more concern is that adware update process seems to be more "secure" in 2006 than adobe acrobat is in 2008. ouch.