[liberationtech] secure download tool - doesn't exist?!?
Julian Oliver
julian at julianoliver.com
Tue Jul 2 01:05:28 PDT 2013
..on Tue, Jul 02, 2013 at 01:47:07AM +0000, adrelanos wrote:
> Julian Oliver:
> > ..on Mon, Jul 01, 2013 at 06:03:01PM +0000, adrelanos wrote:
> >> In response to "the tool doesn't exist"...
> >
> > apt-get install tor && torify wget http://path.to/file
> >
> > ;)
> >
>
> This doesn't solve infected downloads while downloading. Malicious Tor
> exists can tamper with it.
Of course. If it's a serious download I expect it to have a public SHA-256. If
it's a binary executable it better ship with the source. If it's a PDF or other
mimetype with known attack exploit vectors at the application layer, it should
probably be run in a jail or VM, etc etc.
But anyway, my comment was tongue-in-cheek and doesn't come near a solution for
increasingly browser-oriented end-users.
Cheers,
--
Julian Oliver
http://julianoliver.com
http://criticalengineering.org
More information about the liberationtech
mailing list