On Mon, May 19, 2014 at 1:02 PM, Fabio Pietrosanti (naif) <[email protected]> wrote:

> But you should not just ask people to switch to a "more secure
> software", but also understand what software they use, working
> towards securing what they "are using today".


If you really want secure updates, depending on your threat model doing it
correctly is a very difficult problem. Fixing what exists today on a
case-by-case basis is going to be quite a chore.

Particularly problematic is the case of an MitM who knows a vulnerability
but wants to prevent certain clients from getting software upgrades to fix
it, so they can simply prevent the updaters from dialing home and the user
is typically none the wiser.

Also note that most software update systems are one key (or sadly in many
cases, zero keys) away from being remote code execution vulnerabilities.

All of these attacks are covered by The Update Framework:

http://theupdateframework.com/

See their paper Survivable Key Compromise In Software Update Systems:

http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=1046401A7F09F0F4F794359255756038?doi=10.1.1.175.6938&rep=rep1&type=pdf



-- 
Tony Arcieri
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
[email protected].
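
The client-side checks that address the two failure modes raised in the message above (updates silently withheld by an MitM, and a single key being enough to ship code), as an added example that is not part of the original post and is not The Update Framework's own code. It assumes a simplified metadata layout (`version`, `expires`, `signatures`), hypothetical function names, and HMAC as a stand-in for public-key signatures.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC stands in for public-key signatures so the
# example runs with the standard library only; a real updater would hold
# public keys (e.g. Ed25519), never signing secrets.
KEYS = {"k1": b"demo-secret-1", "k2": b"demo-secret-2", "k3": b"demo-secret-3"}
THRESHOLD = 2  # distinct trusted keys that must sign the metadata


def sign(keyid, signed):
    """Sign the canonical JSON form of the 'signed' portion of the metadata."""
    payload = json.dumps(signed, sort_keys=True).encode()
    return hmac.new(KEYS[keyid], payload, hashlib.sha256).hexdigest()


def check_metadata(meta, now, last_seen_version):
    """Return 'ok' or the reason the update metadata must be rejected."""
    signed = meta["signed"]
    valid = {
        keyid for keyid, sig in meta["signatures"].items()
        if keyid in KEYS and hmac.compare_digest(sig, sign(keyid, signed))
    }
    if len(valid) < THRESHOLD:
        # One stolen key alone cannot authorize an update.
        return "too few valid signatures"
    if signed["version"] < last_seen_version:
        return "rollback: older than metadata already seen"
    if now >= signed["expires"]:
        # Replayed or withheld metadata eventually expires, so a client that
        # is being kept from updates fails loudly instead of silently.
        return "expired: possible freeze attack, alert the user"
    return "ok"


def make_meta(version, expires, keyids):
    """Build constructed sample metadata signed by the given demo keys."""
    signed = {"version": version, "expires": expires, "target_sha256": "ab" * 32}
    return {"signed": signed, "signatures": {k: sign(k, signed) for k in keyids}}
```

The `now` and `expires` values are plain integers (for example Unix timestamps); the updater should also treat "no fresh metadata fetched before expiry" as an error to surface to the user, not a condition to retry silently.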
