
Re: Debian mirrors and MITM

On Sat, May 31, 2014, at 12:06 AM, micah anderson wrote:
> >> > The cryptographic signatures that are validated automatically by
> >> > apt.
> >>
> >> What's stopping the attacker from serving a compromised apt?
> >
> > apt will check that the new apt is properly signed.
> This entire secure artifice depends entirely on the integrity of apt,
> and presumably the various libraries that it depends on.
> Now I don't want to call into question the esteemed authors of said
> program, and depending libraries, but I do think that providing https
> mirrors gives us two distinct advantages over plain http:
>         . in the case that there is a bug in apt, or gpg, or something
>           else, having https would provide at minimum a minor set of
>           defense against bulk, non-targeted quantum insert and
>           foxacid attacks, not to mention MiTM compromises from a
>           hostile local network

Yep, already mentioned this one. This is my biggest issue. I'm beginning
to think this should be classified as a security bug in Debian.

>         . keeps an adversary who may be listening on the wire from
>           looking at what you are installing. who cares what you are
>           installing? well it turns out that is very interesting
>           information. If you can see that I've just installed X
>           package, and you then just look over at our security tracker
>           and find that this package has an exploit...

It's only metadata, so who cares right? Only kidding. This is a totally
legitimate scenario which I didn't think of. Nice.


  Alfie John
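
An added example, not part of the original message or of apt: a small audit that lists which entries in a one-line-format sources.list are fetched over a plaintext transport, the exposure discussed in the thread above. The sample file contents and host names are constructed, and treating only `http` and `ftp` as plaintext is an assumption of this sketch; apt's signature checks are separate and unaffected by it.

```python
import re

# Constructed sample in the one-line sources.list format (not from the thread).
SAMPLE_SOURCES = """\
# main archive
deb http://mirror-a.example.org/debian wheezy main
deb-src http://mirror-a.example.org/debian wheezy main
deb [arch=amd64] https://mirror-b.example.org/debian wheezy main contrib
deb http://security.example.org/ wheezy/updates main
deb file:/srv/mirror/debian wheezy main
#deb ftp://disabled.example.org/debian wheezy main
"""

# Assumption of this sketch: these URI schemes send requests in the clear.
PLAINTEXT_SCHEMES = {"http", "ftp"}

# type, optional [options] block, URI, suite (components are ignored here)
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[[^\]]*\]\s+)?(\S+)\s+(\S+)")


def audit_sources(text):
    """Return (line number, type, URI, suite) for each plaintext entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and disabled entries
        if not line:
            continue
        match = ENTRY.match(line)
        if not match:
            continue  # not a one-line-format entry; skipped, not guessed at
        kind, uri, suite = match.groups()
        scheme = uri.split(":", 1)[0].lower()
        if scheme in PLAINTEXT_SCHEMES:
            findings.append((lineno, kind, uri, suite))
    return findings


if __name__ == "__main__":
    for lineno, kind, uri, suite in audit_sources(SAMPLE_SOURCES):
        print(f"line {lineno}: {kind} {uri} ({suite}) uses a plaintext transport")
```
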
