[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OT] Re: [Full-Disclosure] Knocking Microsoft

To: Martin Mačok <martin.macok@xxxxxxxxxxxxxx>
Subject: Re: [OT] Re: [Full-Disclosure] Knocking Microsoft
From: Cedric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
Date: Sat, 28 Feb 2004 19:08:05 +0100

Le sam 28/02/2004 à 10:31, Martin Mačok a écrit :
> > % apt-get update && apt-get upgrade
> > % apt-get install apache-ssl
> Will it transfer the data in a secure way? (SSL?)

What's the point securing publicly available data transfer with SSL ?
The only thing that is important regarding to security for remote
software installation and/or upgrade is archive authentication and
integrity check after reception so one can avoid trojaned stuff.

> Will it verify the data after being downloaded? (PGP signature?)

Can be configured to do so. BTW, sadly, by default, only MD5 is checked.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Knocking Microsoft
  - From: James P. Saveker
- [OT] Re: [Full-Disclosure] Knocking Microsoft
  - From: Robert Brockway
- Re: [OT] Re: [Full-Disclosure] Knocking Microsoft
  - From: Paul Schmehl
- Re: [OT] Re: [Full-Disclosure] Knocking Microsoft
  - From: Martin Mačok

Prev by Date: Re: [Full-Disclosure] Re: Knocking Microsoft
Next by Date: Re: [OT] Re: [Full-Disclosure] Knocking Microsoft
Previous by thread: Re: [OT] Re: [Full-Disclosure] Knocking Microsoft
Next by thread: Re: [OT] Re: [Full-Disclosure] Knocking Microsoft
Index(es):
- Date
- Thread