-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:219
http://www.mandriva.com/security/
Hello Full-Disclosure, the CFP for YSTS V is now open!
---
YSTS 5th Edition
Sao Paulo, Brazil
May 16th, 2011
Call for Papers Opens: November 1st 2010
Call for Papers Close: February 28th 2011
http://www.ysts.org
@ystscon
INTRODUCTION
Following the success of previous editions, the 5th
It would indeed be vulnerable to that, and you're also right about this
attack vector being quite small.
But IMHO an updates mechanism that signs it's packages it quite easy to
implement, so we're talking about getting a tangible benefit from a small
effort. Preventing the signing key from being
On Sun, Oct 31, 2010 at 10:36 AM, valdis.kletni...@vt.edu wrote:
On Sun, 31 Oct 2010 13:09:27 BST, Mario Vilas said:
Just signing the update packages prevents this attack, so it's not that hard
to fix.
Except if a signing key gets compromised, as happened to one Linux vendor
recently,
No, he's just saying that a bank might be accidentally broken and
robbedaccidentally.of course
On Mon, Nov 1, 2010 at 4:13 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Sun, Oct 31, 2010 at 10:36 AM, valdis.kletni...@vt.edu wrote:
On Sun, 31 Oct 2010 13:09:27 BST, Mario Vilas
On Mon, Nov 1, 2010 at 12:26 PM, Jhfjjf Hfdsjj taser3...@yahoo.com wrote:
On Sun, Oct 31, 2010 at 10:36 AM, valdis.kletni...@vt.edu wrote:
On Sun, 31 Oct 2010 13:09:27 BST, Mario Vilas said:
Just signing the update packages prevents this attack, so it's not that
hard
to fix.
Except if a
On Sun, Oct 31, 2010 at 10:36 AM, valdis.kletni...@vt.edu wrote:
On Sun, 31 Oct 2010 13:09:27 BST, Mario Vilas said:
Just signing the update packages prevents this attack, so it's not that hard
to fix.
Except if a signing key gets compromised, as happened to one Linux vendor
recently,
I do not believe anyone is 'ptoposing' anything. All he said was that package
signing should not be taken as a silver bullet, for experience has shown that
the key's themselves are capable of being compromised if a vendor is
successfully attacked.
Exactly what I would expect from *.edu
I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2123-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
November 01, 2010
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-2124-1 secur...@debian.org
http://www.debian.org/security/ Florian Weimer
November 01, 2010
(, ) (,
. `.' ) ('.',
). , ('. ( ) (
(_,) .`), ) _ _,
/ _/ / _ \ _
\ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ |\\ \__( _ ) Y Y \
/__ /\___|__ / \___ /|__|_| /
\/ \/.-.\/ \/:wq
11 matches
Mail list logo