Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [OT] Re: Knocking Microsoft

From: Cedric Blancher <blancher () cartel-securite fr>
Date: Sat, 28 Feb 2004 19:08:05 +0100
Le sam 28/02/2004 à 10:31, Martin Mačok a écrit :

% apt-get update && apt-get upgrade
% apt-get install apache-ssl

Will it transfer the data in a secure way? (SSL?)


What's the point securing publicly available data transfer with SSL ?
The only thing that is important regarding to security for remote
software installation and/or upgrade is archive authentication and
integrity check after reception so one can avoid trojaned stuff.


Will it verify the data after being downloaded? (PGP signature?)


Can be configured to do so. BTW, sadly, by default, only MD5 is checked.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: