On 5/20/14, 4:24 AM, Tony Arcieri wrote:
>
> Also note that most software update systems are one key (or sadly in
> many cases, zero keys) away from being remote code execution
> vulnerabilities.
>
> All of these attacks are covered by The Update Framework:
>
> http://theupdateframework.com/

But it's not so unrealistic that most of that small software being used by people on-field will move or change their update framework.

Still the activity to be done is to:

a) identify the most used software by people on-field
b) audit them
c) have the manufacturer fix their existing update procedures

But we just do not have any kind of data on the security status of small software being used by people on-field on their outdated windows/osx machines.

What I know for sure is that those kinds of techniques are heavily exploited by governmental agencies and no-one from the security community is trying to fix that kind of problem.

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
