[liberationtech] Auditing of Auto-Update of software commonly used by Human Rights Defenders
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Wed Jun 4 05:07:36 PDT 2014
Il 5/15/14, 11:47 PM, Tom Ritter ha scritto:
> On 14 May 2014 23:36, Fabio Pietrosanti (naif) <lists at infosecurity.ch> wrote:
>> i think that would be very important to organize a project to Audit the
>> functionalities of Auto-Update of software commonly used by human rights
>> defenders.
> Sounds interesting. What software did you have in mind?
Look what an attack tool has been just released:
Patch Binaries via MITM: BackdoorFactory + mitmProxy
https://github.com/secretsquirrel/BDFProxy
Sounds like that all SourceForge downloaded software can be easily
MitMed, along with GPG4Win and a long list.
Now mitm based binary patching to inject trojan it's also easier, we
really need to have someone work on that problem.
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
More information about the liberationtech
mailing list