Search Mailing List Archives
[liberationtech] Auditing of Auto-Update of software commonly used by Human Rights Defenders
blibbet at gmail.com
Fri May 23 13:41:37 PDT 2014
There was a good thread on this topic on the OSS-Security list, and
another, probably this list about 6 months ago.
It'd be worth studying Tor's Thandy, a secure update tool. I wish I
could recall why Tor abandoned Thandy, that might be important. :-(
There might be clues in Trac.
BTW, when auditing auto-updates, don't both Windows and Apple use CDNs
like Akamai, to push out their new updates? I seem to recall some
Snowden-related articles mentioning CDNs including Akamai; a great place
for an adversary to update system binaries.
More information about the liberationtech