Dangermouse 5 Posted November 23, 2016 Share Posted November 23, 2016 Does ESS download signed update files via http with SSL, or does it use a plain http connection that leaves it vulnerable to MITM attacks ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted November 23, 2016 Administrators Share Posted November 23, 2016 Using SSL would ensure the authenticity of the server. To ensure the integrity of update files, they are signed so any attempt for MitM attack would fail as the updater would refuse fake/hacked update files. Link to comment Share on other sites More sharing options...
Dangermouse 5 Posted December 4, 2016 Author Share Posted December 4, 2016 OK, so you're saying the server authenticity isn't ensured, because it's not using SSL ? And how are the update files signed - what kind of signing ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted December 4, 2016 Administrators Share Posted December 4, 2016 OK, so you're saying the server authenticity isn't ensured, because it's not using SSL ? And how are the update files signed - what kind of signing ? The point is that ESET would not accept unsigned or modified update files. It's not important whether they are downloaded from a mirror or from ESET's servers, however, those who want may provide mirror via https as it's fully supported by the updater. Link to comment Share on other sites More sharing options...
Recommended Posts