A Look In the Mirror: Attacks on Package Managers
Hi All,
Did anyone see this paper:
A Look In the Mirror: Attacks on Package Managers
http://www.cs.arizona.edu/~jhh/papers/ccs08.pdf
It suggests that anyone who has control of a mirror can cause client
machines to install software created by the attacker or install an
outdated version of a package with a vulnerability the attacker knows
how to exploit.
Is anyone in Debian working on a response to this issue?
Cheers,
Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/