Changes between Version 143 and Version 144 of doc/TorBOX/SecurityAndHardening


Ignore:
Timestamp:
Jul 24, 2012, 3:45:19 AM (6 years ago)
Author:
proper
Comment:

fix

Legend:

Unmodified
Added
Removed
Modified
  • doc/TorBOX/SecurityAndHardening

    v143 v144  
    677677Here's an (incomplete) list of things the more paranoid user will have to consider:
    678678 * apt-get as currently used in Ubuntu does not protect against a "stale mirror attack" where an adversary provides validly signed but outdated metadata to prevent users from downloading and installing the latest critical security updates. When fetching updates over tor this problem is of a lesser extent because no single malicious exit node will realistically prevent users from downloading updates more than once in a row. Malicious mirror is possible but aos-Workstation uses the main US mirror, any irregularities will be uncovered pretty soon. More of concern is the clear text update of the host operating system. Here it's a good idea to manually check how old the repository metadata is yourself:
     679
    679680{{{
    680 find /var/lib/apt/lists/{security*,us.archive.ubuntu.com_ubuntu_dists_oneiric-updates*} -type f |xargs cat|grep Date
    681 and on precise:
    682 find /usr/share/apt-setup/release-files/{security.ubuntu.com/precise,archive.ubuntu.com/precise-updates} -type f |xargs cat|grep Date
     681find /var/lib/apt/lists/* -type f | xargs cat | grep "Date: "
    683682}}}
    684683