Date: Thu, 24 Dec 2009 16:20:08 +0800
From: QIU Quan <jackqq@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Are source updating mechanisms vulnerable to MITM attacks?
Message-ID: <53a565700912240020s7476721egca5d7801ffcd2bb7@mail.gmail.com>

It seems CVSup uses clear text, with neither server authentication as SSH nor message authentication as PGP. Is it possible to poison the DNS records and fire a man-in-the-middle attack against the source updating procedure?

It seems portsnap uses a public key to verify downloads. Are there some source updating mechanisms with authentication or verification?

Thanks.

--
裘佺 (QIU Quan) <jackqq@gmail.com>