oss-sec mailing list archives
CVE for Kali Linux
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 21 Mar 2015 19:59:22 -0600
From RISKS, looks like it needs a CVE Date: Tue, 17 Mar 2015 07:37:50 -0700 From: Henry Baker <hbaker1 () pipeline com> Subject: Kali Linux security is a joke! FYI -- Your best chance to hack the hackers... "Downloading Kali Linux" "Alert! Always make certain you are downloading Kali Linux from official sources, as well as verifying md5sums against official values. It would be easy for a malicious entity to modify a Kali install to contain malicious code, and host it unofficially." http://docs.kali.org/category/introduction --- No kidding! So how come whenever you do apt-get install in Kali Linux, it accesses http://security.kali.org and http://http.kali.org ?? Hasn't Kali heard about MITM attacks against http ?? What's the point of verifying md5 sums against "official values", if Kali can't even get the "official values" securely ?? -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE for Kali Linux Kurt Seifried (Mar 21)
- Re: CVE for Kali Linux Justin Steven (Mar 21)
- Re: CVE for Kali Linux Kurt Seifried (Mar 21)
- Re: CVE for Kali Linux Daniel Micay (Mar 21)
- Re: CVE for Kali Linux Russ Allbery (Mar 21)
- Re: CVE for Kali Linux Daniel Micay (Mar 21)
- Re: CVE for Kali Linux Daniel Micay (Mar 21)
- Re: CVE for Kali Linux Florian Weimer (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Kurt Seifried (Mar 21)
- Re: CVE for Kali Linux Amos Jeffries (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Justin Steven (Mar 21)