Search Mailing List Archives
[liberationtech] Chromebooks for Risky Situations?
rsk at gsp.org
Wed Feb 6 07:52:23 PST 2013
On Wed, Feb 06, 2013 at 10:24:28AM -0500, Tom Ritter wrote:
> - ChromeOS's update mechanism is automatic, transparent, and basically
> foolproof. Having bricked Ubuntu and Gentoo systems, the same is not
> true of Linux.
Concur on this point, and wish to ask a related question:
Many operating systems and applications and even application extensions
(e.g., Firefox extensions) now attempt to discover the presence of updates
for themselves either automatically or because a user instructs them to do.
Is there any published research on the security consequences of doing so?
(What I'm thinking of is an adversary who observes network traffic
and thus can ascertain operating system type/version/patch level,
installed application base/version/patch level, etc.)
More information about the liberationtech