Jump to content

Archived

This topic is now archived and is closed to further replies.

Klaus Jochem

Pattern updates via HTTPS

Recommended Posts

Hi,

I noticed that pattern updates are downloaded through an http connection. If the update is done across a open network, e.g in a hotel or the airport, this gives an attacker the opportunity to spoof the update service, which may result in a compromised pattern database.

Are there update servers available which support pattern downloads with https?

Many thanks in advance,

Klaus Jochem

Share this post


Link to post
Share on other sites
6 minutes ago, Klaus Jochem said:

If the update is done across a open network, e.g in a hotel or the airport, this gives an attacker the opportunity to spoof the update service, which may result in a compromised pattern database.

This is not possible since update files are digitally signed. That said, "compromised" modules would not install.

Share this post


Link to post
Share on other sites
3 minutes ago, Marcos said:

This is not possible since update files are digitally signed. That said, "compromised" modules would not install.

Many thanks for your answer.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×