Il 5/15/14, 11:47 PM, Tom Ritter ha scritto: > On 14 May 2014 23:36, Fabio Pietrosanti (naif) <[email protected]> wrote: >> i think that would be very important to organize a project to Audit the >> functionalities of Auto-Update of software commonly used by human rights >> defenders. > Sounds interesting. What software did you have in mind?
Look what an attack tool has been just released: Patch Binaries via MITM: BackdoorFactory + mitmProxy https://github.com/secretsquirrel/BDFProxy Sounds like that all SourceForge downloaded software can be easily MitMed, along with GPG4Win and a long list. Now mitm based binary patching to inject trojan it's also easier, we really need to have someone work on that problem. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
