764761
submission
+- Package Managers an Achilles Heel? on Thursday July 10 2008, @10:40AM Anonymous Coward
Submitted
by
Anonymous Coward
on Thursday July 10 2008, @10:40AM
background: url(//a.fsdn.com/sd/topics/topicsecurity.gif); width:59px; height:78px;
security
An anonymous reader writes "A group of researchers from the University of Arizona have released a study that takes a look at the security of ten popular package managers. They were able to show all ten were vulnerable to attacks from a mirror or man-in-the-middle that allow an attacker to (along with other things) crash the system or obtain root access. Furthermore, the researchers created a fictitious administrator and company name and were able to lease a server and get it listed as an official mirror for all the distributions they tried (Ubuntu, Debian, Fedora, CentOS, and OpenSUSE).
This begs the question, what keeps you up at night, the thought of attacks on your package manager or previously discussed and patched vulnerability in DNS."
This begs the question, what keeps you up at night, the thought of attacks on your package manager or previously discussed and patched vulnerability in DNS."
VMS is like a nightmare about RXS-11M.
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.
Package Managers an Achilles Heel? 0 Comments More Login /
Get More Comments