Full Disclosure mailing list archives
Re: secure downloading of patches (Re: Knocking Microsoft)
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Sun, 29 Feb 2004 14:38:08 +0100
On Sat 28/02/2004 at 23:33, Martin Mačok wrote:
> Yes, that was my point. The main issue here is authentication and integrity -- you can achieve both with proper use of either SSL or PGP.
Good point. SSL can provide proper identification for the download site. However, this is not sufficient, as a legitimate site can get compromised and its data archive trojaned, as was the case with OpenSSH two years ago.
> Regarding the use of encryption, you're not just making the data secret (pointless in the case of public data). You are also securing the communication channel so no third party sees exactly what patches you are downloading and cannot trick you into downloading some junk which could attack your patch management system (huge data, decompression bombs or even exploits).
Yes.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
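
The two concerns raised in this message, a trojaned archive served from a correctly identified site and junk aimed at the patch management system (huge data, decompression bombs), can be handled on the client as in the following added example, which is not part of the original post. It assumes the expected SHA-256 comes from a manifest whose PGP signature was already verified with a key obtained out of band; the size caps, function names and sample data are constructed for illustration.

```python
import hashlib
import hmac
import zlib

MAX_DOWNLOAD = 1 << 20   # assumed policy: largest compressed patch accepted
MAX_UNPACKED = 8 << 20   # assumed policy: largest decompressed patch accepted

class PatchRejected(Exception):
    pass

def verify_and_unpack(blob: bytes, pinned_sha256: str) -> bytes:
    """Authenticate the archive independently of the transport, then
    decompress it under a hard output limit."""
    if len(blob) > MAX_DOWNLOAD:
        raise PatchRejected("download exceeds size cap")
    # Integrity check against a value that did not come from the download
    # site itself, so a compromised mirror cannot swap the archive unnoticed.
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256):
        raise PatchRejected("digest mismatch: archive differs from signed manifest")
    # Bounded decompression: ask for one byte more than the cap so that
    # hitting the limit is distinguishable from an archive exactly at the cap.
    d = zlib.decompressobj()
    out = d.decompress(blob, MAX_UNPACKED + 1)
    if len(out) > MAX_UNPACKED or d.unconsumed_tail:
        raise PatchRejected("decompressed size exceeds cap")
    if not d.eof:
        raise PatchRejected("truncated stream")
    return out

def outcome(blob: bytes, pinned_sha256: str):
    """Return the unpacked bytes, or the rejection reason as a string."""
    try:
        return verify_and_unpack(blob, pinned_sha256)
    except PatchRejected as exc:
        return str(exc)

# Constructed sample data (not from the thread).
GOOD = zlib.compress(b"patch-1.0 contents\n")
MANIFEST_SHA256 = hashlib.sha256(GOOD).hexdigest()  # stands in for the signed value
TROJANED = zlib.compress(b"patch-1.0 contents\n# backdoor\n")

if __name__ == "__main__":
    print(outcome(GOOD, MANIFEST_SHA256))
    print(outcome(TROJANED, MANIFEST_SHA256))
```

The decompression cap still applies when the digest matches, so a signed but oversized archive is rejected before it can exhaust memory.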