Package Managers As Achilles Heel 263
An anonymous reader writes "Researchers from the University of Arizona have released a study that takes a look at the security of ten popular package managers. They were able to show all ten were vulnerable to attacks from a mirror or man-in-the-middle that allow an attacker to (along with other things) crash the system or obtain root access. Furthermore, the researchers created a fictitious administrator and company name and were able to lease a server and get it listed as an official mirror for all the distributions they tried (Ubuntu, Debian, Fedora, CentOS, and OpenSUSE). This raised the question: What keeps you up at night, the thought of attacks on your package manager or previously discussed and patched vulnerability in DNS?" justin samuel (one of the Arizona researchers) also points out a synopsis on CERT's blog.
Answer (Score:5, Funny)
What keeps you up at night, the thought of attacks on your package?
Yes.
I better update now (Score:5, Funny)
I don't know about you but... (Score:1, Funny)
"project" managers (Score:3, Funny)
The headline should be project managers as achilles heal.
Re:Compile from source yourself! (Score:2, Funny)
It doesn't help at all. The grand parent is a twelve year old that discovered Gentoo yesterday. Gentoo is '1337' yo.
Re:So, Linux is not more secure? (Score:2, Funny)
Re:Compile from source yourself! (Score:5, Funny)
You've got him all wrong. He's a twelve year old with a PhD that reads and understand every line of code before he allows it to execute on his own hardware.
Re:Neither (Score:5, Funny)
Re:Neither (Score:3, Funny)
Comment removed (Score:5, Funny)
Re:Neither (Score:5, Funny)
I'm almost certain you didn't.
Re:Neither (Score:3, Funny)
Slackware (Score:5, Funny)
Re:Answer (Score:5, Funny)
Re:Compile from source yourself! (Score:5, Funny)
Re:Neither (Score:2, Funny)
Neither keep me up at night, I have a girlfriend and things to get done.
Perhaps you should consider changing your girlfriend, mine can always keep me up.
(for those without sense of humour up is used as erected)
Re:Neither (Score:4, Funny)
Neither keep me up at night, I have a girlfriend and things to get done.
Perhaps you should consider changing your girlfriend, mine can always keep me up.
(for those without sense of humour up is used as erected)
Do you often find yourself having to explain your erections?
Re:Compile from source yourself! (Score:5, Funny)
Also, you have to trust your compiler, which you *had* to get from someone else.
Nah, I wrote my own compiler directly in machine code. I didn't trust my keyboard manufacturer either, so I tapped out Morse code on a homemade key. I made the BIOS out of coconuts, but that was just because that douchebag Gilligan said it couldn't be done.
-Roy Hinkley
Re:Neither (Score:3, Funny)
Re:Neither (Score:2, Funny)
Re:Answer (Score:5, Funny)
Re:Answer (Score:4, Funny)
Iran's missile keeps me up at night more than my Ubuntu's package manager.
That depends on whether you live next door to one launchpad or the the other [launchpad.net].
Re:Answer (Score:2, Funny)
Kittens? Ha! (Score:3, Funny)
Let me know when you have a 14lb. cat with bigass claws who likes to sit in your lap and use you as a scratching post.
Re:Answer (Score:2, Funny)
You must have kittens...
No, he's an acquaintance of Jesse Jackson.
Re:Neither (Score:3, Funny)
I don't think you did.