Kali Linux Man In The Middle

2015.03.22
Credit: Kurt
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Date: Tue, 17 Mar 2015 07:37:50 -0700 From: Henry Baker <hbaker1 () pipeline com> Subject: Kali Linux security is a joke! FYI -- Your best chance to hack the hackers... "Downloading Kali Linux" "Alert! Always make certain you are downloading Kali Linux from official sources, as well as verifying md5sums against official values. It would be easy for a malicious entity to modify a Kali install to contain malicious code, and host it unofficially." http://docs.kali.org/category/introduction --- No kidding! So how come whenever you do apt-get install in Kali Linux, it accesses http://security.kali.org and http://http.kali.org ?? Hasn't Kali heard about MITM attacks against http ?? What's the point of verifying md5 sums against "official values", if Kali can't even get the "official values" securely ??

References:

http://seclists.org/oss-sec/2015/q1/915
http://docs.kali.org/category/introduction


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top