Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
- From: Christian Sciberras <uuf6429@xxxxxxxxx>
- Date: Mon, 1 Nov 2010 16:34:12 +0100
No, he's just saying that a bank might be accidentally broken and
robbed....accidentally.....of course....
On Mon, Nov 1, 2010 at 4:13 PM, Jeffrey Walton <noloader@xxxxxxxxx> wrote:
On Sun, Oct 31, 2010 at 10:36 AM, <Valdis.Kletnieks@xxxxxx> wrote:_______________________________________________
On Sun, 31 Oct 2010 13:09:27 BST, Mario Vilas said:hard
Just signing the update packages prevents this attack, so it's not that
??? Are you ptoposing to throw the baby out with the bath water ??? Ito fix.
Except if a signing key gets compromised, as happened to one Linux vendor
recently, causing a lot of kerfluffle...
would not have expected that from *.edu.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
- From: Jeffrey Walton
- Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
- Prev by Date: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
- Next by Date: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
- Previous by thread: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
- Next by thread: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
- Index(es):
Relevant Pages
|
