Fuck Logitech’s SetPoint and their piss poor approach to security
I said this 5 years ago, and it holds true today. One of the best infection vectors I can think of is to compromise SetPoint, the buggy shitware that Logitech forces you to use in order to make use of your additional mouse buttons. It crashes repeatedly, when all it needs to do is listen to mouse buttons. It has an extremely large file size for what it is. It’s not checksummed on their site and billions of consumers install it.
I was checking my logs and saw my download for their Unifying tool, which you are REQUIRED to have to pair your fucking mouse was redirected to some 3rd party site called navisite.com. By querying virustotal I saw that many different packages for Logitech are downloaded from that site that flag AV, in some cases with a 50% detection rate.
What does that mean? Either that is a malware site I was redirected to from malware on my system, or Logitech was compromised and their executables infected. It’s a smart move really, what other executables can you think of that are downloaded by so many people with little concern for security?
Don’t even get me started on D-Link and their shit-tastic approach to locking down their webcams. No passwords over 8 characters? Completely fucked SSL authentication? Buy a D_Link camera and you might as well stick a camera up your ass and broadcast it to the world. And that’s not even making it accessible over the internet.