#facestab chump Archives for 2002, 2003, 2004, 2005, 2006, 2007, 2008RSS

last updated at 2009-03-14 20:07

Newspapers and Thinking the Unthinkable
posted by seti at 2009-03-14 20:06

FDA Approves Depressant Drug For The Annoyingly Cheerful
posted by seti at 2009-03-14 15:30

seti: (via biella coleman's blog)

Thandy: Secure Updates for Tor
posted by coderman at 2009-03-14 14:14

coderman: "We [need to help keep] software updated. When we make security fixes, quick uptake helps narrow the window in which attackers can take advantage of newly discovered problems. But many people don't subscribe to or-announce, and so they only find out about new releases sporadically."
coderman: "I'm especially happy with Thandy's security architecture. We assume an adversary who can operate compromised mirrors and who can possibly compromise the main repository. At worst, such an adversary can DOS users' updates in a way that users can detect."
coderman: "Unlike lots of other update tools, we're immune to rollback attacks (where an adversary convinces users to install an old, compromised version of the software), we can detect frozen mirrors (where an adversary just doesn't serve updates), and we can even handle key compromise [read: rekeying, revocation] relatively gracefully."
    
Run by the Daily Chump bot.