Linux Download Man in the Middle Attack?

Discussion in 'privacy technology' started by lucygrl, Dec 5, 2013.

Thread Status:
Not open for further replies.
  1. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    I was just wondering how common are Man in the Middle Attacks during Linux Downloads?
    Has anyone here experienced that when downloading Linux?
     
  2. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,424
    It depends on what your downloading and what your threat model is.

    The NSA is known to MiTM the TOR browser download and serve up compramised TOR browser bundles. I've also noticed MiTM attacks on Ubuntu's update service, by whom I don't know , maybe a state actor maybe not.

    The truth is out there...
     
  3. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Thankyou, so how can I check if my Tor has been compromised?
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    At <https://www.torproject.org/projects/torbrowser.html.en>, see the section "How to verify the digital signatures on ...". In the list of downloads (Tor Browser Bundle Downloads) there's a "(sig)" (for signature) link next to each download link.
     
Loading...
Thread Status:
Not open for further replies.