Sticking to HTTP Is “Trustworthy Computing… the Microsoft Way!”

Discussion in 'other security issues & news' started by Minimalist, Feb 17, 2018.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    https://wccftech.com/microsoft-security-updates-http/
     
    Minimalist, Feb 17, 2018
    #1
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,018
    Location:
    Member state of European Union
    Gnu/Linux distributions also download updates via unencrypted HTTP mirrors around the world, but they are cryptographically verified by package manager. By default package manager won't install cryptographically unsigned packages.
    Adversary can sniff the traffic and see what packages somebody has updated, installed, though.
     
    Last edited: Feb 18, 2018
    reasonablePrivacy, Feb 17, 2018
    #2
  3. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    RockLobster, Feb 17, 2018
    #3
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...