Il 5/20/14, 4:24 AM, Tony Arcieri ha scritto:
Also note that most software update systems are one key (or sadly in
many cases, zero keys) away from being remote code execution
vulnerabilities.
All of these attacks are covered by The Update Framework:
http://theupdateframework.com/
But it's
There was a good thread on this topic on the OSS-Security list, and
another, probably this list about 6 months ago.
It'd be worth studying Tor's Thandy, a secure update tool. I wish I
could recall why Tor abandoned Thandy, that might be important. :-(
There might be clues in Trac.
Hello Carlo. PrivateCore is my company and ironically your libtech message
was flagged as spam in my inbox.
You are correct that today's technology reduces the trust to the CPU and,
for now, the TPM. I view that a significant improvement compared to having
to trust all components, like network
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wednesday, May 14, 2014 7:07 PM, Nicholas Merrill wrote:
United States of Secrets (Part One)
How did the government come to spy on millions of Americans? In
United States of Secrets, FRONTLINE goes behind the headlines to
reveal the