[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back

To: noloader@xxxxxxxxx
Subject: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
From: Jhfjjf Hfdsjj <taser3000@xxxxxxxxx>
Date: Mon, 1 Nov 2010 09:36:24 -0700 (PDT)


>> I do not believe anyone is 'ptoposing' anything. All he said was that package
>> signing should not be taken as a silver bullet, for experience has shown that
> >the key's themselves are capable of being compromised if a vendor is
>> successfully attacked.
>>
>> Exactly what I would expect from *.edu

>I read differently,

Then by all means, elaborate.



      

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
  - From: Jeffrey Walton
- Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
  - From: Jhfjjf Hfdsjj
- Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
  - From: Jeffrey Walton

Prev by Date: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
Next by Date: [Full-disclosure] [SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses
Previous by thread: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
Next by thread: Re: [Full-disclosure] Evilgrade 2.0 - the update explotation framework is back
Index(es):
- Date
- Thread