Attacks on package managers

Posted Apr 9, 2009 11:36 UTC (Thu) by hppnq (guest, #14462)
Parent article: Attacks on package managers

The best way to stay secure is to choose a distribution that takes these vulnerabilities seriously.

No. The best way to stay secure is to make backups.



Attacks on package managers

Posted Apr 9, 2009 13:43 UTC (Thu) by tialaramex (subscriber, #21167)

Our customers would be very unhappy if they found that attackers had somehow copied our database of sensitive personal information, and the response "it's OK, we're quite secure because we have backups" would not be likely to mollify them.

The best way to stay secure is to ensure you're running trustworthy code, and if you have vulnerabilities in your package manager then it's very hard to make sure of that.

Attacks on package managers

Posted Apr 15, 2009 9:26 UTC (Wed) by hppnq (guest, #14462)

Obviously a backup is not going to help against perpetrators.

But perhaps the only way of ensuring that you are running trustworthy code is not to "choose a distribution you can trust", but to put your trustworthy code on offline storage and make sure you run that code only.

Serious shops really do not run package managers on their precious database systems.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds