Are source updating mechanisms vulnerable to MITM attacks?
QIU Quan
jackqq at gmail.com
Thu Dec 24 08:47:44 UTC 2009
It seems CVSup uses clear text, with neither server authentication as
SSH nor message authentication as PGP.
Is it possible to poison the DNS records and fire a man-in-the-middle
attack against the source updating procedure?
It seems portsnap uses a public key to verify downloads.
Are there some source updating mechanisms with authentication or verification?
Thanks.
--
裘佺 (QIU Quan) <jackqq at gmail.com>
More information about the freebsd-questions
mailing list