Jump to content

Recommended Posts

Hi,

I noticed that pattern updates are downloaded through an http connection. If the update is done across a open network, e.g in a hotel or the airport, this gives an attacker the opportunity to spoof the update service, which may result in a compromised pattern database.

Are there update servers available which support pattern downloads with https?

Many thanks in advance,

Klaus Jochem

Link to post
Share on other sites
  • Administrators
6 minutes ago, Klaus Jochem said:

If the update is done across a open network, e.g in a hotel or the airport, this gives an attacker the opportunity to spoof the update service, which may result in a compromised pattern database.

This is not possible since update files are digitally signed. That said, "compromised" modules would not install.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...