Re: Debian mirrors and MITM

On Fri, May 30, 2014, at 10:43 PM, Alfie John wrote:
> > The cryptographic signatures that are validated automatically by apt. 
> What's stopping the attacker from serving a compromised apt?

Thinking about this more, if I wanted to target a Debian system via
MITM, serving a compromised APT would be all I needed. In the future, a
modified package could be served and it wouldn't matter what the
signatures were, seeing as I could have control of APT.


  Alfie John

