Wilders Security Forums  

Go Back   Wilders Security Forums > Other Security Topics > other security issues & news
Reload this Page Attacks on Linux Package Managers?
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old July 16th, 2008, 10:00 AM
tlu's Avatar
tlu tlu is offline
Very Frequent Poster
  
Join Date: Sep 2004
Posts: 2,065
Default Attacks on Linux Package Managers?
http://www.cs.arizona.edu/people/jus...-managers.html

The recommendation to use only trustworthy official repositories is definitely correct. I don't know how other distros handle the mirror-server problem. But as far as Ubuntu is concerned, there are centralized security updates via security.ubuntu.com (and not via mirror servers). Thus, an attacker would have to perform a man-in-the-middle-attack between s.u.c. and my computer - very unlikely . For non-security updates the first sentence applies (i.e. to stick with the default servers or - if you're paranoid - with archive.ubuntu.com).

But again - other distros might be more affected. Any users of these distros who can deliver some insight?
  #2  
Old July 16th, 2008, 05:28 PM
lodore lodore is offline
Incredibly Massive Poster
  
Join Date: Jun 2006
Posts: 8,876
Default Re: Attacks on Linux Package Managers?
Hey Tomas, yesterday yast the package manager for opensuse told me there was a security issue with the package manager itself and then updated it along with various other updates.
__________________
useful tools:cure it SAS Hitman Pro mbam KL Eset windows defender offline Sophos
  #3  
Old July 18th, 2008, 11:59 AM
Hermescomputers's Avatar
Hermescomputers Hermescomputers is offline
Frequent Poster
  
Join Date: Jan 2006
Location: Toronto, Ontario, Canada, eh?
Posts: 939
Default Re: Attacks on Linux Package Managers?
So far I can't see anything taking place in either of our Mandriva or Kubuntu boxes related to the package manager...
__________________
--
Live Technical Support Help Desk
We Provides Online Computer Help. Our technical Support Staff Can Fix Computer Problems, Clean Viruses, Speed up your Computer, Remove Spyware, and Eliminate Computer Crashes.
www.hermes-computers.ca
  #4  
Old July 18th, 2008, 12:00 PM
Hermescomputers's Avatar
Hermescomputers Hermescomputers is offline
Frequent Poster
  
Join Date: Jan 2006
Location: Toronto, Ontario, Canada, eh?
Posts: 939
Default Re: Attacks on Linux Package Managers?
sorry bout the double post... using XP Pro... since SP3, we get nothing but glitches across the board... I cant wait until I'm 100% linux on the entire infrastructure...
__________________
--
Live Technical Support Help Desk
We Provides Online Computer Help. Our technical Support Staff Can Fix Computer Problems, Clean Viruses, Speed up your Computer, Remove Spyware, and Eliminate Computer Crashes.
www.hermes-computers.ca
  #5  
Old July 18th, 2008, 05:08 PM
tlu's Avatar
tlu tlu is offline
Very Frequent Poster
  
Join Date: Sep 2004
Posts: 2,065
Default Re: Attacks on Linux Package Managers?
Quote:
Originally Posted by Hermescomputers
I cant wait until I'm 100% linux on the entire infrastructure...

Yes,definitely a good choice.
 

Wilders Security Forums > Other Security Topics > other security issues & news « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 12:03 AM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums