Re: auto update vulnerability?


Subject: Re: auto update vulnerability?
From: Jim Gribbin (jgribbin@alaska.net)
Date: Wed Apr 10 2002 - 01:15:41 AKDT


OK, that covers you when getting packages from Deb, RH, Man, etc. But
what happens when people get software from other sources. Probably not
much of a problem right now in the Linux world, but as more people adopt
Linux, we will probably start seeing stuff like this in our world too.

Hey!! Look at this COOL [whatever], come get it, it's FREE!!

And the people will get it and will not read (or care about) the fine
print and the cycle will continue.

Jim Gribbin

On Tue, 2002-04-09 at 08:11, Greg Madden wrote:
> On Mon, 2002-04-08 at 23:10, bryan@ak.net wrote:
> >
> > There's a very interesting article at:
> > http://www.cs.berkeley.edu/~nweaver/0wn2.html
> >
> > While it doesn't mention Linux (or *NIX) by name, I wonder if
> > what it describes is a vulnerability of systems like debian's
> > apt-get or freebsd's ports tree.
> >
> > Any input from more experienced users than myself?
> >
> > --
> > Bryan Medsker
> > bryan@ak.net
>
> When I read it I thought of Windows boxes.As far as Debian goes all the
> packages have md5sums & are signed by their maintainers. I don't know
> how secure the Debian system reallly is but I know they go through a few
> steps to try & make it so.
> --
> Greg Madden
> Precision Air Balance, Inc.
> email:pabi@gci.net
> Phone:(907)276-0461 Fax:(907)258-0461
>
> -- Attached file included as plaintext by Listar --
> -- File: signature.asc
> -- Desc: This is a digitally signed message part
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQA8sxKbk7rtxKWZzGsRAqlfAJ9x8x/9BGZvxP+UkGcwFIrocVtYKQCfeqFr
> proVA/WC1RP9iUNhR8iXCrY=
> =FOPL
> -----END PGP SIGNATURE-----
>
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.



This archive was generated by hypermail 2a23 : Wed Apr 10 2002 - 01:26:22 AKDT