..on Tue, Jul 02, 2013 at 01:47:07AM +0000, adrelanos wrote: > Julian Oliver: > > ..on Mon, Jul 01, 2013 at 06:03:01PM +0000, adrelanos wrote: > >> In response to "the tool doesn't exist"... > > > > apt-get install tor && torify wget http://path.to/file > > > > ;) > > > > This doesn't solve infected downloads while downloading. Malicious Tor > exists can tamper with it.
Of course. If it's a serious download I expect it to have a public SHA-256. If it's a binary executable it better ship with the source. If it's a PDF or other mimetype with known attack exploit vectors at the application layer, it should probably be run in a jail or VM, etc etc. But anyway, my comment was tongue-in-cheek and doesn't come near a solution for increasingly browser-oriented end-users. Cheers, -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
