Michael Vincent van Rantwijk, MultiZilla wrote: > Let's go back one step: *if* Joe Hacker gets control over mozdev.org > somehow, then he _can_ change the links and the downloads, easily, > because the mirrors pull from that box, and that is the same for > mozilla.org I suppose!
This is true. But it doesn't contradict anything I've said. Let's make it simple: No link fingerprints: Download mirror hacked => attacker has won Webserver hacked => attacker has won Link fingerprints: Download mirror hacked => attacker has lost Webserver hacked => attacker has won Notice the improvement? >> So "the download is trojaned" does not automatically imply that the >> hacker has access to change the fingerprint. > > In this case it does, and I'm not alone on this. No. You are mixing up cause and effect. I am saying "Download server hacked =/= hacker can change the fingerprint". You are saying "Hacker can change the fingerprint == hacker can cause you to download a trojan". This is true, but it's not the opposite of what I'm saying. Link Fingerprints are not a security panacea. They are a way of raising the bar without making the user do any work. They would have avoided or mitigated every trojaned download problem I've come across in the past few years. Gerv _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
