Re: Debian mirrors and MITM
On Fri, May 30, 2014, at 10:43 PM, Alfie John wrote:
> > The cryptographic signatures that are validated automatically by apt.
>
> What's stopping the attacker from serving a compromised apt?
Thinking about this more, if I wanted to target a Debian system via
MITM, serving a compromised APT would be all I needed. In the future, a
modified package could be served and it wouldn't matter what the
signatures were, seeing as I could have control of APT.
Alfie
--
Alfie John
alfiej@fastmail.fm