Changes between Version 142 and Version 143 of doc/TorBOX/SecurityAndHardening


Timestamp: Jul 24, 2012, 3:33:20 AM (7 years ago)
Author: proper
Comment: gateway now updating over Tor

  • doc/TorBOX/SecurityAndHardening

    v142 v143  
    676676
    677677Here's an (incomplete) list of things the more paranoid user will have to consider:
    678  * apt-get as currently used in Ubuntu does not protect against a "stale mirror attack" where an adversary provides validly signed but outdated metadata to prevent users from downloading and installing the latest critical security updates. When fetching updates over tor this problem is of a lesser extent because no single malicious exit node will realistically prevent users from downloading updates more than once in a row. Malicious mirror is possible but aos-Workstation uses the main US mirror, any irregularities will be uncovered pretty soon. More of concern is the clear text update of host and gateway. Here it's a good idea to manually check how old the repository metadata is yourself:
     678 * apt-get as currently used in Ubuntu does not protect against a "stale mirror attack" where an adversary provides validly signed but outdated metadata to prevent users from downloading and installing the latest critical security updates. When fetching updates over tor this problem is of a lesser extent because no single malicious exit node will realistically prevent users from downloading updates more than once in a row. Malicious mirror is possible but aos-Workstation uses the main US mirror, any irregularities will be uncovered pretty soon. More of concern is the clear text update of the host operating system. Here it's a good idea to manually check how old the repository metadata is yourself:
    679679{{{
    680680find /var/lib/apt/lists/{security*,us.archive.ubuntu.com_ubuntu_dists_oneiric-updates*} -type f |xargs cat|grep Date
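Review bot: On the added line 678, "Here" in the last sentence now refers only to the host operating system, but the find command that follows hard-codes us.archive.ubuntu.com and oneiric-updates in the list file names. Say explicitly that the check is meant to be run on the host and that the mirror and release parts of the path must match that machine's own sources, otherwise the glob matches nothing and the reader sees no Date lines at all. The sentence about fetching over Tor still names only aos-Workstation and its mirror; since the comment says the gateway now updates over Tor as well, mention the gateway there and state which mirror it uses, so the "main US mirror" argument is not silently assumed for it. Minor: capitalise "Tor" in "over tor", and because the command pipes through cat before grep, the output does not show which list file each Date came from; keeping the file name next to each date would make a stale list easier to spot.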