On 5/18/14, 6:24 PM, Rich Kulawiec wrote:
> On Thu, May 15, 2014 at 07:36:07AM +0200, Fabio Pietrosanti (naif) wrote:
>> i think that would be very important to organize a project to Audit the
>> functionalities of Auto-Update of software commonly used by human rights
>> defenders.
> Yes, but I'll go one step further: auto-update is a horrible idea -- even
> if the connection is encrypted.

But the problem is still there:
- there's plenty of small software with auto-update functionalities to be audited/exploited
- there are probably many that provide their download instructions / installation files over http

Auditing most of them would make people more resilient against easier/stupid attacks, increasing the attack difficulty for the adversary.

But you should not just ask people to switch to "more secure software", but also understand what software they use, working towards securing what they "are using today".

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
