A Look In the Mirror: Attacks on Package Managers

To: debian-devel@lists.debian.org
Subject: A Look In the Mirror: Attacks on Package Managers
From: Erik de Castro Lopo <mle+debian@mega-nerd.com>
Date: Sun, 6 Jun 2010 12:28:27 +1000
Message-id: <[🔎] 20100606122827.acb09dd5.mle+debian@mega-nerd.com>
Reply-to: debian-devel@lists.debian.org

Hi All,

Did anyone see this paper:

    A Look In the Mirror: Attacks on Package Managers
    http://www.cs.arizona.edu/~jhh/papers/ccs08.pdf

It suggests that anyone who has control of a mirror can cause client
machines to install software created by the attacker or install an
outdated version of a package with a vulnerability the attacker knows
how to exploit.

Is anyone in Debian working on a response to this issue.

Cheers,
Erik
-- 
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/

Reply to:

Follow-Ups:
- Re: A Look In the Mirror: Attacks on Package Managers
  - From: James Vega <jamessan@debian.org>
- Re: A Look In the Mirror: Attacks on Package Managers
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Bug#584723: ITP: libhdhomerun -- Configuration utility for Silicon Dust HD HomeRun
Next by Date: Possible Mass Bug Filing: String Exceptions Removed in Python 2.6
Previous by thread: Bug#584723: ITP: libhdhomerun -- Configuration utility for Silicon Dust HD HomeRun
Next by thread: Re: A Look In the Mirror: Attacks on Package Managers
Index(es):
- Date
- Thread