Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Auditing of Auto-Update of software commonly used by Human Rights Defenders

Blibbet blibbet at
Fri May 23 13:41:37 PDT 2014

There was a good thread on this topic on the OSS-Security list, and 
another, probably this list about 6 months ago.

It'd be worth studying Tor's Thandy, a secure update tool. I wish I 
could recall why Tor abandoned Thandy, that might be important. :-( 
There might be clues in Trac.

BTW, when auditing auto-updates, don't both Windows and Apple use CDNs 
like Akamai, to push out their new updates? I seem to recall some 
Snowden-related articles mentioning CDNs including Akamai; a great place 
for an adversary to update system binaries.

More information about the liberationtech mailing list