Full Disclosure mailing list archives
Re: secure downloading of patches (Re: Knocking Microsoft)
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Sun, 29 Feb 2004 20:44:30 +0100
On Sun 29/02/2004 at 17:57, Martin Mačok wrote:
> You are right that PGP is a stronger protection from this point of view but keep in mind that neither SSL nor PGP can protect us in the case of the compromised end point -- the server or developer's workstation in the case of SSL/TLS and the developer's workstation in the case of PGP.

Developer's private key compromise is quite unlikely to happen, although it is clearly possible, especially if we think of the Valve case (source code theft through developer station compromise).

> From the other point of view, only SSL/TLS can protect you against the attacks on the transfer itself. For example, the attacker can poison your DNS cache and trick you into connecting to the site that does not provide the patch (so you stay vulnerable).

True, this is definitely a good point I didn't think of.

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html