Full Disclosure mailing list archives
Re: Evilgrade 2.0 - the update explotation framework is back
From: Christian Sciberras <uuf6429 () gmail com>
Date: Mon, 1 Nov 2010 16:34:12 +0100
No, he's just saying that a bank might be accidentally broken and robbed....accidentally.....of course.... On Mon, Nov 1, 2010 at 4:13 PM, Jeffrey Walton <noloader () gmail com> wrote:
On Sun, Oct 31, 2010 at 10:36 AM, <Valdis.Kletnieks () vt edu> wrote:On Sun, 31 Oct 2010 13:09:27 BST, Mario Vilas said:Just signing the update packages prevents this attack, so it's not thathardto fix.Except if a signing key gets compromised, as happened to one Linux vendor recently, causing a lot of kerfluffle...??? Are you ptoposing to throw the baby out with the bath water ??? I would not have expected that from *.edu. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Evilgrade 2.0 - the update explotation framework is back Mario Vilas (Nov 01)
- <Possible follow-ups>
- Re: Evilgrade 2.0 - the update explotation framework is back Jeffrey Walton (Nov 01)
- Re: Evilgrade 2.0 - the update explotation framework is back Christian Sciberras (Nov 01)
- Re: Evilgrade 2.0 - the update explotation framework is back Jhfjjf Hfdsjj (Nov 01)
- Re: Evilgrade 2.0 - the update explotation framework is back Jeffrey Walton (Nov 01)
- Re: Evilgrade 2.0 - the update explotation framework is back Jhfjjf Hfdsjj (Nov 01)
- Re: Evilgrade 2.0 - the update explotation framework is back T Biehn (Nov 02)
- Re: Evilgrade 2.0 - the update explotation framework is back Christian Sciberras (Nov 02)