Recommended Posts

Hi,

I noticed that pattern updates are downloaded through an http connection. If the update is done across a open network, e.g in a hotel or the airport, this gives an attacker the opportunity to spoof the update service, which may result in a compromised pattern database.

Are there update servers available which support pattern downloads with https?

Many thanks in advance,

Klaus Jochem

Share this post


Link to post
Share on other sites
6 minutes ago, Klaus Jochem said:

If the update is done across a open network, e.g in a hotel or the airport, this gives an attacker the opportunity to spoof the update service, which may result in a compromised pattern database.

This is not possible since update files are digitally signed. That said, "compromised" modules would not install.

Share this post


Link to post
Share on other sites
3 minutes ago, Marcos said:

This is not possible since update files are digitally signed. That said, "compromised" modules would not install.

Many thanks for your answer.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.