Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Auditing of Auto-Update of software commonly used by Human Rights Defenders

Fabio Pietrosanti (naif) lists at infosecurity.ch
Wed Jun 4 05:07:36 PDT 2014


Il 5/15/14, 11:47 PM, Tom Ritter ha scritto:
> On 14 May 2014 23:36, Fabio Pietrosanti (naif) <lists at infosecurity.ch> wrote:
>> i think that would be very important to organize a project to Audit the
>> functionalities of Auto-Update of software commonly used by human rights
>> defenders.
> Sounds interesting. What software did you have in mind?

Look what an attack tool has been just released:
Patch Binaries via MITM: BackdoorFactory + mitmProxy
https://github.com/secretsquirrel/BDFProxy

Sounds like that all SourceForge downloaded software can be easily
MitMed, along with GPG4Win and a long list.

Now mitm based binary patching to inject trojan it's also easier, we
really need to have someone work on that problem.

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org




More information about the liberationtech mailing list