Klaus Jochem 0 Posted January 8, 2018 Share Posted January 8, 2018 Hi, I noticed that pattern updates are downloaded through an http connection. If the update is done across a open network, e.g in a hotel or the airport, this gives an attacker the opportunity to spoof the update service, which may result in a compromised pattern database. Are there update servers available which support pattern downloads with https? Many thanks in advance, Klaus Jochem Link to comment Share on other sites More sharing options...
Administrators Marcos 4,703 Posted January 8, 2018 Administrators Share Posted January 8, 2018 6 minutes ago, Klaus Jochem said: If the update is done across a open network, e.g in a hotel or the airport, this gives an attacker the opportunity to spoof the update service, which may result in a compromised pattern database. This is not possible since update files are digitally signed. That said, "compromised" modules would not install. Link to comment Share on other sites More sharing options...
Klaus Jochem 0 Posted January 8, 2018 Author Share Posted January 8, 2018 3 minutes ago, Marcos said: This is not possible since update files are digitally signed. That said, "compromised" modules would not install. Many thanks for your answer. Link to comment Share on other sites More sharing options...
Recommended Posts