On 5/15/14, 11:47 PM, Tom Ritter wrote:
> On 14 May 2014 23:36, Fabio Pietrosanti (naif) <[email protected]> wrote:
>> i think that would be very important to organize a project to Audit the
>> functionalities of Auto-Update of software commonly used by human rights
>> defenders.
> Sounds interesting. What software did you have in mind?

I think that what should be done is:

- Identify the 10-15 most used software by Human Rights Defenders for each country where Human Rights are most in danger (to be done through a network of on-field partners with a survey)
- Audit each of them for the Self-Update, Download methods, Download instructions, Version checking, etc, against a defined methodology of requirements (to be defined)
- Advise the software manufacturer on how to improve it
- Within 6 months, publish the detailed results, including a set of additional "recommendation" to make all of those set of software

I think that there's plenty of software used by activists and journalists in the field in difficult places that has a lot of insecurities, being graphical software, data collection software, web editing software, etc, etc.

While our "hackish" communities mostly focus on the "security software", in the field people use just general purpose software for doing general purpose work, but that's where the "adversary" able to MitM a connection can leverage stupid bugs to inject directly or indirectly monitoring malware.

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
