[liberationtech] Auditing of Auto-Update of software commonly used by Human Rights Defenders
Tony Arcieri
bascule at gmail.com
Mon May 19 19:24:39 PDT 2014
On Mon, May 19, 2014 at 1:02 PM, Fabio Pietrosanti (naif) <
lists at infosecurity.ch> wrote:
> But you should not just ask people to switch to a "more secure
> software", but also understand what software do they use, working
> towards to secure what they "are using today" .
If you really want secure updates, depending on your threat model doing it
correctly is a very difficult problem. Fixing what exists today on a
case-by-case basis is going to be quite a chore.
Particularly problematic is the case of an MitM who knows a vulnerability
but wants to prevent certain clients from getting software upgrades to fix
it, so they can simply prevent the updaters from dialing home and the user
is typically none the wiser.
Also note that most software update systems are one key (or sadly in many
cases, zero keys) away from being remote code execution vulnerabilities.
All of these attacks are covered by The Update Framework:
http://theupdateframework.com/
See their paper Survivable Key Compromise In Software Update Systems:
http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=1046401A7F09F0F4F794359255756038?doi=10.1.1.175.6938&rep=rep1&type=pdf
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140519/641271e5/attachment.html>
More information about the liberationtech
mailing list